The following Fedora EPEL 10.1 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-0f3555a691
singularity-ce-4.3.6-1.el10_1
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-b930b2950e
gdu-5.32.0-1.el10_1
The following builds have been pushed to Fedora EPEL 10.1 updates-testing
baresip-4.4.0-1.el10_1
libre-4.4.0-1.el10_1
webkitgtk-2.50.4-2.el10_1
Details about builds:
================================================================================
baresip-4.4.0-1.el10_1 (FEDORA-EPEL-2025-5c2303291d)
Modular SIP user-agent with audio and video support
--------------------------------------------------------------------------------
Update Information:
Baresip v4.4.0 (2025-12-23)
call: remove SDP label attribute (not used)
pulse: cast usec to fit print format
menu: cleanup dialdir params
menu: add cuser parameter to dialdir command
README: update documentation
cmake: remove g726 module from default list
ci: remove unused packages
config: sync config template and example
menu: free allocated cparam_call at the end of cmd_answerdir
ci: update coverage job
menu, cparam: initialize stack variable, free memory
account: update account parameters template and example
libre v4.4.0 (2025-12-23)
fmt: add pl_alloc_dup()
tools: add genfir python script from librem
test: av1 obu print
genfir: upgrade to python 3
test: add negative conf tests
turn: add channel peer mutex locking
test: remove h265 fragment handling
test: add testing of re_text2pcap_trace()
dd: change dd_print() to struct re_printf *pf and add test
rtp, stun/msg: doxygen fixes
trace: add trace line handler
trace: deref id after new trace handler
test: add testing of dbg module
aumix: implement aumix_source_set_id
dns: check memory allocation in get_resolv_dns()
test: check errors in turn_thread() test
test: remove rotate from mock DNS-server
test: check re_main_timeout() return value in test_rtp_listen_priv()
h265,test: improve testing and usage of h265_nal_print()
test: more testing of IPv6 protocol
stun: remove PADDING attribute
stun: remove natbd strings (deprecated)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 24 2025 Robert Scheck <[email protected]> 4.4.0-1
- Upgrade to 4.4.0 (#2424559)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2424559 - baresip-4.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2424559
[ 2 ] Bug #2424568 - libre-4.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2424568
--------------------------------------------------------------------------------
================================================================================
libre-4.4.0-1.el10_1 (FEDORA-EPEL-2025-5c2303291d)
Generic library for real-time communications
--------------------------------------------------------------------------------
Update Information:
Baresip v4.4.0 (2025-12-23)
call: remove SDP label attribute (not used)
pulse: cast usec to fit print format
menu: cleanup dialdir params
menu: add cuser parameter to dialdir command
README: update documentation
cmake: remove g726 module from default list
ci: remove unused packages
config: sync config template and example
menu: free allocated cparam_call at the end of cmd_answerdir
ci: update coverage job
menu, cparam: initialize stack variable, free memory
account: update account parameters template and example
libre v4.4.0 (2025-12-23)
fmt: add pl_alloc_dup()
tools: add genfir python script from librem
test: av1 obu print
genfir: upgrade to python 3
test: add negative conf tests
turn: add channel peer mutex locking
test: remove h265 fragment handling
test: add testing of re_text2pcap_trace()
dd: change dd_print() to struct re_printf *pf and add test
rtp, stun/msg: doxygen fixes
trace: add trace line handler
trace: deref id after new trace handler
test: add testing of dbg module
aumix: implement aumix_source_set_id
dns: check memory allocation in get_resolv_dns()
test: check errors in turn_thread() test
test: remove rotate from mock DNS-server
test: check re_main_timeout() return value in test_rtp_listen_priv()
h265,test: improve testing and usage of h265_nal_print()
test: more testing of IPv6 protocol
stun: remove PADDING attribute
stun: remove natbd strings (deprecated)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 24 2025 Robert Scheck <[email protected]> 4.4.0-1
- Upgrade to 4.4.0 (#2424568)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2424559 - baresip-4.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2424559
[ 2 ] Bug #2424568 - libre-4.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2424568
--------------------------------------------------------------------------------
================================================================================
webkitgtk-2.50.4-2.el10_1 (FEDORA-EPEL-2025-d6b84c209d)
GTK web content engine library
--------------------------------------------------------------------------------
Update Information:
Merge remote-tracking branch 'origin/f43' into epel10.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 16 2025 Tomas Popela <[email protected]> - 2.50.4-1
- Update to 2.50.4
* Thu Dec 4 2025 Michael Catanzaro <[email protected]> - 2.50.3-1
- Update to 2.50.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2416448 - CVE-2025-43421 webkitgtk: Processing maliciously crafted
web content may lead to an unexpected process crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2416448
[ 2 ] Bug #2416965 - CVE-2025-13502 webkitgtk: WebKitGTK / WPE WebKit:
Out-of-bounds read and integer underflow vulnerability leading to DoS [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2416965
[ 3 ] Bug #2418579 - CVE-2025-13947 webkitgtk: WebKitGTK: Remote
user-assisted information disclosure via file drag-and-drop [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2418579
[ 4 ] Bug #2418860 - CVE-2025-43458 webkitgtk: Processing maliciously crafted
web content may lead to an unexpected process crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2418860
[ 5 ] Bug #2418864 - CVE-2025-66287 webkitgtk: Processing maliciously crafted
web content may lead to an unexpected process crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2418864
[ 6 ] Bug #2423167 - CVE-2025-43529 webkitgtk: webkitgtk: Use-after-free due
to improper memory management [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2423167
[ 7 ] Bug #2423289 - CVE-2025-43501 webkitgtk: Processing maliciously crafted
web content may lead to an unexpected process crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2423289
[ 8 ] Bug #2423293 - CVE-2025-43531 webkitgtk: Processing maliciously crafted
web content may lead to an unexpected process crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2423293
[ 9 ] Bug #2423299 - CVE-2025-43535 webkitgtk: Processing maliciously crafted
web content may lead to an unexpected process crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2423299
[ 10 ] Bug #2423303 - CVE-2025-43536 webkitgtk: Processing maliciously
crafted web content may lead to an unexpected process crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2423303
[ 11 ] Bug #2423307 - CVE-2025-43541 webkitgtk: Processing maliciously
crafted web content may lead to an unexpected Safari crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2423307
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
