The following Fedora EPEL 9 Security updates need testing:
Age URL
30 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9a55de96db
xpdf-4.06-1.el9
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-c9895b0a25
python3.11-ldap-epel-3.4.5-1.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-0d5788d77e
roundcubemail-1.5.12-1.el9
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-54c41ca693
singularity-ce-4.3.6-1.el9
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-ae30e66e01
chromium-143.0.7499.146-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
HepMC3-3.3.1-7.el9
gdu-5.32.0-1.el9
intel-vpl-gpu-rt-25.4.5-1.el9
js-jsroot-7.10.1-1.el9
libvpl-2.16.0-1.el9
libvpl-tools-1.5.0-1.el9
pythia8-8.3.16-1.el9
root-6.38.00-3.el9
ruby-build-20251218-2.el9
tmt-1.64.0-1.el9
Details about builds:
================================================================================
HepMC3-3.3.1-7.el9 (FEDORA-EPEL-2025-aaace928cd)
C++ Event Record for Monte Carlo Generators
--------------------------------------------------------------------------------
Update Information:
ROOT 6.38.00
js-jsroot 7.10.1
pythia8 8.3.16
HepMC3 (rebuilt for root 6.38)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 11 2025 Mattias Ellert <[email protected]> - 3.3.1-7
- Rebuild for root 6.38
- Drop obsolete work-around for ppc64le on EPEL 7
* Fri Sep 19 2025 Python Maint <[email protected]> - 3.3.1-6
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint <[email protected]> - 3.3.1-5
- Rebuilt for Python 3.14.0rc2 bytecode
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> -
3.3.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2416990 - root-6.38.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2416990
--------------------------------------------------------------------------------
================================================================================
gdu-5.32.0-1.el9 (FEDORA-EPEL-2025-204f4ee0f5)
Fast disk usage analyzer with console interface written in Go
--------------------------------------------------------------------------------
Update Information:
Update to 5.32.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 19 2025 Mikel Olasagasti Uranga <[email protected]> - 5.32.0-1
- Update to 5.32.0 - Closes rhbz#2416550
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398344 - CVE-2025-47910 gdu: CrossOriginProtection bypass in
net/http [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2398344
[ 2 ] Bug #2398988 - CVE-2025-47906 gdu: Unexpected paths returned from
LookPath in os/exec [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2398988
[ 3 ] Bug #2407530 - CVE-2025-58189 gdu: go crypto/tls ALPN negotiation error
contains attacker controlled information [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2407530
[ 4 ] Bug #2408984 - CVE-2025-61723 gdu: Quadratic complexity when parsing
some invalid inputs in encoding/pem [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2408984
[ 5 ] Bug #2409927 - CVE-2025-58185 gdu: Parsing DER payload can cause memory
exhaustion in encoding/asn1 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2409927
[ 6 ] Bug #2410865 - CVE-2025-58188 gdu: Panic when validating certificates
with DSA public keys in crypto/x509 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2410865
--------------------------------------------------------------------------------
================================================================================
intel-vpl-gpu-rt-25.4.5-1.el9 (FEDORA-EPEL-2025-7b800042f8)
Intel Video Processing Library (Intel VPL) GPU Runtime
--------------------------------------------------------------------------------
Update Information:
Updated Intel libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 19 2025 Simone Caronni <[email protected]> - 25.4.5-1
- Update to 25.4.5
* Mon Sep 29 2025 Simone Caronni <[email protected]> - 25.3.4-1
- Update to 25.3.4
* Mon Aug 25 2025 Simone Caronni <[email protected]> - 25.3.2-1
- Update to 25.3.2
* Thu Jul 24 2025 Fedora Release Engineering <[email protected]> -
25.2.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri Jul 11 2025 Simone Caronni <[email protected]> - 25.2.6-2
- Upload sources to lookaside cache
* Tue Jul 8 2025 Androniychuk, Pavel <[email protected]> - 25.2.6-1
- Update to version 25.2.6
* Mon Jun 23 2025 Simone Caronni <[email protected]> - 25.2.5-1
- Update to 25.2.5
* Wed Apr 16 2025 Simone Caronni <[email protected]> - 25.1.3-1
- Update to 25.1.3.
* Fri Jan 17 2025 Fedora Release Engineering <[email protected]> -
24.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Dec 27 2024 Simone Caronni <[email protected]> - 24.4.4-1
- Update to 24.4.4.
* Thu Nov 28 2024 Simone Caronni <[email protected]> - 24.3.4-1
- Update to 24.3.4.
* Tue Sep 10 2024 Simone Caronni <[email protected]> - 24.3.3-1
- Update to 24.3.3.
* Mon Aug 5 2024 Simone Caronni <[email protected]> - 24.3.1-1
- Update to 24.3.1.
* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> -
24.2.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jun 4 2024 Simone Caronni <[email protected]> - 24.2.4-1
- Update to 24.2.4.
* Thu May 23 2024 Simone Caronni <[email protected]> - 24.2.3-1
- Update to 24.2.3.
* Sat May 4 2024 Simone Caronni <[email protected]> - 24.2.2-2
- Require libvpl 2.11.0 for building.
* Sat May 4 2024 Simone Caronni <[email protected]> - 24.2.2-1
- Rename from oneVPL-intel-gpu.
- Update to 24.2.2.
--------------------------------------------------------------------------------
================================================================================
js-jsroot-7.10.1-1.el9 (FEDORA-EPEL-2025-aaace928cd)
JavaScript ROOT - Interactive numerical data analysis graphics
--------------------------------------------------------------------------------
Update Information:
ROOT 6.38.00
js-jsroot 7.10.1
pythia8 8.3.16
HepMC3 (rebuilt for root 6.38)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 9 2025 Mattias Ellert <[email protected]> - 7.10.1-1
- Update to version 7.10.1
* Thu Jul 24 2025 Fedora Release Engineering <[email protected]> -
7.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2416990 - root-6.38.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2416990
--------------------------------------------------------------------------------
================================================================================
libvpl-2.16.0-1.el9 (FEDORA-EPEL-2025-7b800042f8)
Intel Video Processing Library
--------------------------------------------------------------------------------
Update Information:
Updated Intel libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 19 2025 Simone Caronni <[email protected]> - 1:2.16.0-1
- Update to 2.16.0
* Thu Jul 24 2025 Fedora Release Engineering <[email protected]> -
1:2.15.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
libvpl-tools-1.5.0-1.el9 (FEDORA-EPEL-2025-7b800042f8)
Intel Video Processing Library (Intel VPL) Tools
--------------------------------------------------------------------------------
Update Information:
Updated Intel libraries.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 19 2025 Simone Caronni <[email protected]> - 1.5.0-1
- Update to 1.5.0
--------------------------------------------------------------------------------
================================================================================
pythia8-8.3.16-1.el9 (FEDORA-EPEL-2025-aaace928cd)
Pythia Event Generator for High Energy Physics
--------------------------------------------------------------------------------
Update Information:
ROOT 6.38.00
js-jsroot 7.10.1
pythia8 8.3.16
HepMC3 (rebuilt for root 6.38)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 12 2025 Mattias Ellert <[email protected]> - 8.3.16-1
- Update to version 8.3.16
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
8.3.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2416990 - root-6.38.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2416990
--------------------------------------------------------------------------------
================================================================================
root-6.38.00-3.el9 (FEDORA-EPEL-2025-aaace928cd)
Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:
ROOT 6.38.00
js-jsroot 7.10.1
pythia8 8.3.16
HepMC3 (rebuilt for root 6.38)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Mattias Ellert <[email protected]> - 6.38.00-3
- Don't install the python modules twice
- Fix Requires and Provides in the python3-root rpm
* Thu Dec 11 2025 Mattias Ellert <[email protected]> - 6.38.00-2
- Skip RPATH using -DCMAKE_SKIP_INSTALL_RPATH:BOOL=ON (replaces
previously used root specific -Drpath:BOOL=OFF no longer available)
- Backport fixes to python module
- Rebuild for pythia8 8.3.16
* Tue Dec 9 2025 Mattias Ellert <[email protected]> - 6.38.00-1
- Update to 6.38.00
- Removed subpackages: root-proof, root-proof-bench, root-proof-player,
root-proof-sessionviewer, root-sql-mysql, root-sql-odbc, root-sql-pgsql
- New subpackages: root-geom-checker, root-gui-treemap,
root-tree-ntuple-browse, root-histv7
- JsMVA python (sub)module dropped from python3-root package
- Compile minuit2 with Open MP support
- Dropped patches: 7
- New patches: 4
* Wed Oct 29 2025 Stephen Gallagher <[email protected]> - 6.36.04-4
- Rebuild for libarrow 22
* Thu Oct 9 2025 Jaroslav Å karvada <[email protected]> - 6.36.04-3
- Rebuilt for new graphviz
* Fri Sep 19 2025 Python Maint <[email protected]> - 6.36.04-2
- Rebuilt for Python 3.14.0rc3 bytecode
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2416990 - root-6.38.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2416990
--------------------------------------------------------------------------------
================================================================================
ruby-build-20251218-2.el9 (FEDORA-EPEL-2025-0ed2e292fa)
Compile and install Ruby
--------------------------------------------------------------------------------
Update Information:
Update to 20251218 and include https://github.com/rbenv/ruby-build/pull/2576 to
support https://fedoraproject.org/wiki/Changes/droppingOfCertPemFile
Update to 20251217
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Mikel Olasagasti Uranga <[email protected]> - 20251218-2
- Patch: support tls-ca-bundle.pem out of the box
* Thu Dec 18 2025 Packit <[email protected]> - 20251218-1
- Update to 20251218 upstream release
- Resolves: rhbz#2423509
* Wed Dec 17 2025 Packit <[email protected]> - 20251217-1
- Update to 20251217 upstream release
- Resolves: rhbz#2415417
--------------------------------------------------------------------------------
================================================================================
tmt-1.64.0-1.el9 (FEDORA-EPEL-2025-6c73bfff22)
Test Management Tool
--------------------------------------------------------------------------------
Update Information:
Automatic update for tmt-1.64.0-1.el9.
Changelog for tmt
* Thu Dec 18 2025 Packit <[email protected]> - 1.64.0-1
- Update to 1.64.0 upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Packit <[email protected]> - 1.64.0-1
- Update to 1.64.0 upstream release
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
