The following Fedora EPEL 8 Security updates need testing:
Age URL
33 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5b2095e2c2
xpdf-4.06-1.el8
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-079c79139b
singularity-ce-4.3.6-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
duc-1.4.6-1.el8
java-latest-openjdk-25.0.1.0.8-0.3.el8
openssl3-3.5.1-6.2.el8
Details about builds:
================================================================================
duc-1.4.6-1.el8 (FEDORA-EPEL-2025-72d375c0cf)
Disk usage tools
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.6: fixes CVE-2025-13654
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 17 2025 Jens Petersen <[email protected]> - 1.4.6-1
- Update to 1.4.6: fixes CVE-2025-13654
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> -
1.4.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> -
1.4.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2423077 - CVE-2025-13654 duc: duc: Stack Buffer Overflow in
buffer_get function [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2423077
--------------------------------------------------------------------------------
================================================================================
java-latest-openjdk-25.0.1.0.8-0.3.el8 (FEDORA-EPEL-2025-568c2b961a)
OpenJDK 25 Runtime Environment
--------------------------------------------------------------------------------
Update Information:
Enabled system crypto policy setup
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 19 2025 Jiri Vanek <[email protected]> - 1:25.0.1.0.8-5
- RPMAUTOSPEC: unresolvable merge
--------------------------------------------------------------------------------
================================================================================
openssl3-3.5.1-6.2.el8 (FEDORA-EPEL-2025-120a455170)
Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
FIPS provider, inadvertently enabled when merging in changes from c9s, now
disabled.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 22 2025 Michel Lind <[email protected]> - 3.5.1-6.2
- Disable FIPS support, should not be in EPEL
Resolves: RHBZ#2421797
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2421797 - openssl3-3.5.1-6.1.el8 introduces unresolvable
dependency on fips-provider-so
https://bugzilla.redhat.com/show_bug.cgi?id=2421797
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
