[EPEL-devel] Fedora EPEL 9 updates-testing report

Mon, 22 Dec 2025 17:31:56 -0800 

The following Fedora EPEL 9 Security updates need testing:
 Age  URL
  33  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9a55de96db   
xpdf-4.06-1.el9
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-0d5788d77e   
roundcubemail-1.5.12-1.el9
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-54c41ca693   
singularity-ce-4.3.6-1.el9
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-204f4ee0f5   
gdu-5.32.0-1.el9
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-6a38045e00   
gobuster-3.8.2-1.el9


The following builds have been pushed to Fedora EPEL 9 updates-testing

    duc-1.4.6-1.el9
    golang-github-evanw-esbuild-0.27.2-1.el9
    java-latest-openjdk-25.0.1.0.8-0.3.el9
    podman-tui-1.10.0-2.el9
    rust-supports-hyperlinks-3.2.0-1.el9
    rust-tree-sitter-racket-0.24.7-1.el9
    tmt-1.64.0-2.el9

Details about builds:


================================================================================
 duc-1.4.6-1.el9 (FEDORA-EPEL-2025-a9a40c69d3)
 Disk usage tools
--------------------------------------------------------------------------------
Update Information:

Update to 1.4.6: fixes CVE-2025-13654
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2025 Jens Petersen <[email protected]> - 1.4.6-1
- Update to 1.4.6: fixes CVE-2025-13654
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> - 
1.4.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> - 
1.4.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Sep  6 2024 Jens Petersen <[email protected]> - 1.4.5-6
- epel8 only has glfw (vulkan-devel) for x86_64 (#2310132)
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> - 
1.4.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2423078 - CVE-2025-13654 duc: duc: Stack Buffer Overflow in 
buffer_get function [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2423078
--------------------------------------------------------------------------------


================================================================================
 golang-github-evanw-esbuild-0.27.2-1.el9 (FEDORA-EPEL-2025-5d980b71b1)
 Fast JavaScript bundler and minifier
--------------------------------------------------------------------------------
Update Information:

Initial EPEL 9 package (fedora#2361107)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 22 2025 W. Michael Petullo <[email protected]> - 0.27.2-1
- Initial EPEL 9 package (fedora#2361107)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2361107 - Request golang-github-evanw-esbuild for epel9
        https://bugzilla.redhat.com/show_bug.cgi?id=2361107
--------------------------------------------------------------------------------


================================================================================
 java-latest-openjdk-25.0.1.0.8-0.3.el9 (FEDORA-EPEL-2025-cdd4ef72e7)
 OpenJDK 25 Runtime Environment
--------------------------------------------------------------------------------
Update Information:

Enabled system crypto policy setup
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 19 2025 Jiri Vanek <[email protected]> - 1:25.0.1.0.8-5
- RPMAUTOSPEC: unresolvable merge
--------------------------------------------------------------------------------


================================================================================
 podman-tui-1.10.0-2.el9 (FEDORA-EPEL-2025-aec4175816)
 Podman Terminal User Interface
--------------------------------------------------------------------------------
Update Information:

release 1.10.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 22 2025 Navid Yaghoobi <[email protected]> - 1.10.0-1
- Release 1.10.0
* Fri Oct 10 2025 Alejandro Sáez <[email protected]> - 1.9.0-2
- rebuild
* Sat Oct  4 2025 Navid Yaghoobi <[email protected]> - 1.9.0-1
- Release v1.9.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2398370 - CVE-2025-47910 podman-tui: CrossOriginProtection bypass 
in net/http [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2398370
  [ 2 ] Bug #2399018 - CVE-2025-47906 podman-tui: Unexpected paths returned 
from LookPath in os/exec [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2399018
  [ 3 ] Bug #2407556 - CVE-2025-58189 podman-tui: go crypto/tls ALPN 
negotiation error contains attacker controlled information [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2407556
  [ 4 ] Bug #2408555 - CVE-2025-61725 podman-tui: Excessive CPU consumption in 
ParseAddress in net/mail [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408555
  [ 5 ] Bug #2409011 - CVE-2025-61723 podman-tui: Quadratic complexity when 
parsing some invalid inputs in encoding/pem [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409011
  [ 6 ] Bug #2409957 - CVE-2025-58185 podman-tui: Parsing DER payload can cause 
memory exhaustion in encoding/asn1 [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409957
  [ 7 ] Bug #2410891 - CVE-2025-58188 podman-tui: Panic when validating 
certificates with DSA public keys in crypto/x509 [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2410891
  [ 8 ] Bug #2420572 - CVE-2025-47913 podman-tui: 
golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected 
SSH_AGENT_SUCCESS [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2420572
--------------------------------------------------------------------------------


================================================================================
 rust-supports-hyperlinks-3.2.0-1.el9 (FEDORA-EPEL-2025-1836d9ad24)
 Detects whether a terminal supports rendering hyperlinks
--------------------------------------------------------------------------------
Update Information:

term: detect Zed's intergrated terminal (#8)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 22 2025 Michel Lind <[email protected]> - 3.2.0-1
- Update to version 3.2.0; Fixes RHBZ#2422974
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
3.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> - 
3.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2422974 - rust-supports-hyperlinks-3.2.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2422974
--------------------------------------------------------------------------------


================================================================================
 rust-tree-sitter-racket-0.24.7-1.el9 (FEDORA-EPEL-2025-765b80b6ed)
 Racket parser for tree-sitter
--------------------------------------------------------------------------------
Update Information:

Initial release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 22 2025 Michel Lind <[email protected]> - 0.24.7-1
- Initial package; Resolves: RHBZ#2421759
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2421759 - Review Request: rust-tree-sitter-racket - Racket parser 
for tree-sitter
        https://bugzilla.redhat.com/show_bug.cgi?id=2421759
--------------------------------------------------------------------------------


================================================================================
 tmt-1.64.0-2.el9 (FEDORA-EPEL-2025-6814a0a7ee)
 Test Management Tool
--------------------------------------------------------------------------------
Update Information:

Update tmt to 1.64.0-2.fc42
Automatic update for tmt-1.64.0-1.el9.
Changelog for tmt
* Thu Dec 18 2025 Packit <[email protected]> - 1.64.0-1
- Update to 1.64.0 upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 22 2025 Cristian Le <[email protected]> - 1.64.0-2
- Limit pomdan-machine dependency to available arches
* Thu Dec 18 2025 Packit <[email protected]> - 1.64.0-1
- Update to 1.64.0 upstream release
--------------------------------------------------------------------------------



-- 
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to