The following Fedora EPEL 10.2 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-1701844e6f
nextcloud-32.0.3-1.el10_2
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-633e14145a
roundcubemail-1.6.12-1.el10_2
The following builds have been pushed to Fedora EPEL 10.2 updates-testing
btop-1.4.5-1.el10_2
chromium-143.0.7499.146-1.el10_2
python-beautifulsoup4-4.14.3-1.el10_2
radicale-3.5.10-1.el10_2
rust-reqwest-retry-0.8.0-1.el10_2
rust-reqwest-retry0.7-0.7.0-1.el10_2
rust-retry-policies-0.5.1-1.el10_2
rust-retry-policies0.4-0.4.0-1.el10_2
rust-rustls-pki-types-1.13.2-1.el10_2
rust-rustyline-17.0.2-1.el10_2
rust-rustyline-derive-0.11.1-1.el10_2
rust-rustyline-derive0.10-0.10.0-1.el10_2
rust-rustyline14-14.0.0-1.el10_2
singularity-ce-4.3.6-1.el10_2
Details about builds:
================================================================================
btop-1.4.5-1.el10_2 (FEDORA-EPEL-2025-d1c99269fb)
Modern and colorful command line resource monitor that shows usage and stats
--------------------------------------------------------------------------------
Update Information:
update to 1.4.5
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
chromium-143.0.7499.146-1.el10_2 (FEDORA-EPEL-2025-bb24e345ff)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to 143.0.7499.146
* High CVE-2025-14765: Use after free in WebGPU
* High CVE-2025-14766: Out of bounds read and write in V8
* Force dark mode when auto dark mode web content is on
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 17 2025 Than Ngo <[email protected]> - 143.0.7499.146-1
- Update to 143.0.7499.146
* High CVE-2025-14765: Use after free in WebGPU
* High CVE-2025-14766: Out of bounds read and write in V8
- Force dark mode when auto dark mode web content is on
- Remove omnibox-next-Improve-cutout-mouse-handling-for-Wayla patch, as it's
merged
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2423106 - CVE-2025-14765 chromium: Chromium: Use after free in
WebGPU allows remote attacker to exploit heap corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2423106
[ 2 ] Bug #2423107 - CVE-2025-14765 chromium: Chromium: Use after free in
WebGPU allows remote attacker to exploit heap corruption [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2423107
[ 3 ] Bug #2423110 - CVE-2025-14766 chromium: Google Chrome V8: Out-of-bounds
read and write leads to heap corruption [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2423110
[ 4 ] Bug #2423111 - CVE-2025-14766 chromium: Google Chrome V8: Out-of-bounds
read and write leads to heap corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2423111
--------------------------------------------------------------------------------
================================================================================
python-beautifulsoup4-4.14.3-1.el10_2 (FEDORA-EPEL-2025-a21868c9a8)
HTML/XML parser for quick-turnaround applications like screen-scraping
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release beautifulsoup 4.14.3
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 5 2025 Terje Rosten <[email protected]> - 4.14.3-1
- 4.14.3
* Mon Sep 29 2025 Terje Rosten <[email protected]> - 4.14.2-1
- 4.14.2
* Sun Sep 28 2025 Terje Rosten <[email protected]> - 4.14.0-1
- 4.14.0
* Fri Sep 19 2025 Python Maint <[email protected]> - 4.13.5-2
- Rebuilt for Python 3.14.0rc3 bytecode
* Sun Aug 24 2025 Terje Rosten <[email protected]> - 4.13.5-1
- 4.13.5
* Fri Aug 15 2025 Python Maint <[email protected]> - 4.13.4-6
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
4.13.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun 3 2025 Python Maint <[email protected]> - 4.13.4-4
- Rebuilt for Python 3.14
* Mon Jun 2 2025 Python Maint <[email protected]> - 4.13.4-3
- Bootstrap for Python 3.14
* Tue May 27 2025 LumÃr Balhar <[email protected]> - 4.13.4-2
- Skip tests not compatible with Python 3.14 (rhbz#2368745)
* Wed Apr 23 2025 Terje Rosten <[email protected]> - 4.13.4-1
- 4.13.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2419156 - python-beautifulsoup4-4.14.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2419156
--------------------------------------------------------------------------------
================================================================================
radicale-3.5.10-1.el10_2 (FEDORA-EPEL-2025-d572686166)
A simple CalDAV (calendar) and CardDAV (contact) server
--------------------------------------------------------------------------------
Update Information:
Update to 3.5.10
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Peter Bieringer <[email protected]> - 3.5.10-1
- Update to 3.5.10
--------------------------------------------------------------------------------
================================================================================
rust-reqwest-retry-0.8.0-1.el10_2 (FEDORA-EPEL-2025-53f1fe5fb8)
Retry middleware for reqwest
--------------------------------------------------------------------------------
Update Information:
Update rust-retry-policies to 0.5 and rust-reqwest-retry to 0.8, adding compat
packages for the time being.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Benjamin A. Beasley <[email protected]> - 0.8.0-1
- Update to version 0.8.0; Fixes RHBZ#2417278
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.7.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2366213 - rust-retry-policies-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2366213
[ 2 ] Bug #2417278 - rust-reqwest-retry-0.8.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2417278
--------------------------------------------------------------------------------
================================================================================
rust-reqwest-retry0.7-0.7.0-1.el10_2 (FEDORA-EPEL-2025-53f1fe5fb8)
Retry middleware for reqwest
--------------------------------------------------------------------------------
Update Information:
Update rust-retry-policies to 0.5 and rust-reqwest-retry to 0.8, adding compat
packages for the time being.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Benjamin A. Beasley <[email protected]> - 0.7.0-1
- Initial compat package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2366213 - rust-retry-policies-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2366213
[ 2 ] Bug #2417278 - rust-reqwest-retry-0.8.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2417278
--------------------------------------------------------------------------------
================================================================================
rust-retry-policies-0.5.1-1.el10_2 (FEDORA-EPEL-2025-53f1fe5fb8)
Collection of plug-and-play retry policies for Rust projects
--------------------------------------------------------------------------------
Update Information:
Update rust-retry-policies to 0.5 and rust-reqwest-retry to 0.8, adding compat
packages for the time being.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Benjamin A. Beasley <[email protected]> - 0.5.1-1
- Update to version 0.5.1; Fixes RHBZ#2366213
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.4.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue May 13 2025 Benjamin A. Beasley <[email protected]> - 0.4.0-6
- Re-generate with rust2rpm 27
* Tue May 13 2025 Benjamin A. Beasley <[email protected]> - 0.4.0-5
- Remove no-longer-necessary .rpmlintrc file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2366213 - rust-retry-policies-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2366213
[ 2 ] Bug #2417278 - rust-reqwest-retry-0.8.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2417278
--------------------------------------------------------------------------------
================================================================================
rust-retry-policies0.4-0.4.0-1.el10_2 (FEDORA-EPEL-2025-53f1fe5fb8)
Collection of plug-and-play retry policies for Rust projects
--------------------------------------------------------------------------------
Update Information:
Update rust-retry-policies to 0.5 and rust-reqwest-retry to 0.8, adding compat
packages for the time being.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Benjamin A. Beasley <[email protected]> - 0.4.0-1
- Initial compat package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2366213 - rust-retry-policies-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2366213
[ 2 ] Bug #2417278 - rust-reqwest-retry-0.8.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2417278
--------------------------------------------------------------------------------
================================================================================
rust-rustls-pki-types-1.13.2-1.el10_2 (FEDORA-EPEL-2025-bcc51e1a8f)
Shared types for the rustls PKI ecosystem
--------------------------------------------------------------------------------
Update Information:
Update to version 1.13.2.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Fabio Valentini <[email protected]> - 1.13.2-1
- Update to version 1.13.2; Fixes RHBZ#2419306
--------------------------------------------------------------------------------
================================================================================
rust-rustyline-17.0.2-1.el10_2 (FEDORA-EPEL-2025-6d378daa74)
Readline implementation based on Antirez's Linenoise
--------------------------------------------------------------------------------
Update Information:
Update the rustyline crate to version 17.0.2 and the rustyline-derive crate to
version 0.11.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Fabio Valentini <[email protected]> - 17.0.2-1
- Update to version 17.0.2; Fixes RHBZ#2268230
--------------------------------------------------------------------------------
================================================================================
rust-rustyline-derive-0.11.1-1.el10_2 (FEDORA-EPEL-2025-6d378daa74)
Rustyline derive macros (Completer, Helper, Hinter, Highlighter)
--------------------------------------------------------------------------------
Update Information:
Update the rustyline crate to version 17.0.2 and the rustyline-derive crate to
version 0.11.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Fabio Valentini <[email protected]> - 0.11.1-1
- Update to version 0.11.1; Fixes RHBZ#2326528
--------------------------------------------------------------------------------
================================================================================
rust-rustyline-derive0.10-0.10.0-1.el10_2 (FEDORA-EPEL-2025-6d378daa74)
Rustyline derive macros (Completer, Helper, Hinter, Highlighter)
--------------------------------------------------------------------------------
Update Information:
Update the rustyline crate to version 17.0.2 and the rustyline-derive crate to
version 0.11.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Fabio Valentini <[email protected]> - 0.10.0-1
- Initial import (rustyline-derive 0.10 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-rustyline14-14.0.0-1.el10_2 (FEDORA-EPEL-2025-6d378daa74)
Readline implementation based on Antirez's Linenoise
--------------------------------------------------------------------------------
Update Information:
Update the rustyline crate to version 17.0.2 and the rustyline-derive crate to
version 0.11.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Fabio Valentini <[email protected]> - 14.0.0-1
- Initial import (rustyline 14 compat package)
--------------------------------------------------------------------------------
================================================================================
singularity-ce-4.3.6-1.el10_2 (FEDORA-EPEL-2025-f671db26fe)
Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:
Upgrade to 4.3.6 upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 David Trudgian <[email protected]> - 4.3.6-1
- Upgrade to 4.3.6 upstream version.
- Fixes CVE-2025-67499
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
