The following Fedora EPEL 10.2 Security updates need testing:
Age URL
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-a6032e771d
yarnpkg-1.22.22-16.el10_2
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-5e2a143387
python-python-multipart-0.0.22-1.el10_2
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-5e00b7a772
java-latest-openjdk-26.0.0.0.32-0.0.1.ea.el10_2
java-latest-openjdk-portable-26.0.0.0.32-0.1.ea.rolling.el8
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-3aa83c53c2
chromium-144.0.7559.109-1.el10_2
The following builds have been pushed to Fedora EPEL 10.2 updates-testing
node-exporter-1.10.2-3.el10_2
partio-1.20.0-1.el10_2
plantuml-1.2026.1-1.el10_2
rust-fs-err-3.2.2-1.el10_2
rust-whoami-2.1.0-1.el10_2
uv-0.9.28-1.el10_2
Details about builds:
================================================================================
node-exporter-1.10.2-3.el10_2 (FEDORA-EPEL-2026-16236dd947)
Exporter for machine metrics
--------------------------------------------------------------------------------
Update Information:
Update to 1.10.2
Update was blocked by a ppc64 issue, but a workaround has been found.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 30 2026 Alejandro Sáez <[email protected]> - 1.10.2-3
- Fix race condition
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
1.10.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Dec 4 2025 Mikel Olasagasti Uranga <[email protected]> - 1.10.2-1
- Update to 1.10.2 - Closes rhbz#2406209 rhbz#2408331 rhbz#2409804
rhbz#2410754 rhbz#2411650
* Fri Oct 10 2025 Alejandro Sáez <[email protected]> - 1.9.1-4
- rebuild
* Fri Aug 15 2025 Maxwell G <[email protected]> - 1.9.1-3
- Rebuild for golang-1.25.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398304 - CVE-2025-47910 node-exporter: CrossOriginProtection
bypass in net/http [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2398304
[ 2 ] Bug #2398367 - CVE-2025-47910 node-exporter: CrossOriginProtection
bypass in net/http [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2398367
[ 3 ] Bug #2398940 - CVE-2025-47906 node-exporter: Unexpected paths returned
from LookPath in os/exec [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2398940
[ 4 ] Bug #2407489 - CVE-2025-58189 node-exporter: go crypto/tls ALPN
negotiation error contains attacker controlled information [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2407489
[ 5 ] Bug #2408941 - CVE-2025-61723 node-exporter: Quadratic complexity when
parsing some invalid inputs in encoding/pem [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2408941
[ 6 ] Bug #2409883 - CVE-2025-58185 node-exporter: Parsing DER payload can
cause memory exhaustion in encoding/asn1 [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2409883
[ 7 ] Bug #2410823 - CVE-2025-58188 node-exporter: Panic when validating
certificates with DSA public keys in crypto/x509 [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2410823
[ 8 ] Bug #2423985 - [Minor Incident] CVE-2025-52881 node-exporter: container
escape and denial of service due to arbitrary write gadgets and procfs write
redirects [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2423985
--------------------------------------------------------------------------------
================================================================================
partio-1.20.0-1.el10_2 (FEDORA-EPEL-2026-8c8dfb537c)
Library for manipulating common animation particle
--------------------------------------------------------------------------------
Update Information:
Update to 1.20.0
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 31 2026 Luya Tshimbalanga <[email protected]> - 1.20.0-1
- Update to 1.20.0
--------------------------------------------------------------------------------
================================================================================
plantuml-1.2026.1-1.el10_2 (FEDORA-EPEL-2026-09328dbf0d)
Program to generate UML diagram from a text description
--------------------------------------------------------------------------------
Update Information:
Update to version 1.2026.1
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 31 2026 blinxen <[email protected]> - 1:1.2026.1-1
- Update to verison 1.2026.1 (rhbz#2428317)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2430307 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script
execution via Stored Cross-Site Scripting in GraphViz diagrams [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2430307
[ 2 ] Bug #2430308 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script
execution via Stored Cross-Site Scripting in GraphViz diagrams [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2430308
[ 3 ] Bug #2430309 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script
execution via Stored Cross-Site Scripting in GraphViz diagrams [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430309
[ 4 ] Bug #2430310 - CVE-2026-0858 plantuml: PlantUML: Arbitrary script
execution via Stored Cross-Site Scripting in GraphViz diagrams [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2430310
--------------------------------------------------------------------------------
================================================================================
rust-fs-err-3.2.2-1.el10_2 (FEDORA-EPEL-2026-581a30d5c9)
Drop-in replacement for std::fs with more helpful error messages
--------------------------------------------------------------------------------
Update Information:
uv 0.9.28
https://github.com/astral-sh/uv/releases/tag/0.9.28
https://github.com/astral-sh/uv/releases/tag/0.9.27
rust-whoami 2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.0.3
https://github.com/ardaku/whoami/releases/tag/v2.0.2
https://github.com/ardaku/whoami/releases/tag/v2.0.1
https://github.com/ardaku/whoami/releases/tag/v2.0.0
rust-fs-err 3.2.2
https://github.com/andrewhickman/fs-err/blob/3.2.2/CHANGELOG.md
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 27 2026 Benjamin A. Beasley <[email protected]> - 3.2.2-1
- Update to version 3.2.2; Fixes RHBZ#2415196
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
3.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415196 - rust-fs-err-3.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2415196
[ 2 ] Bug #2426952 - rust-whoami-2.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2426952
[ 3 ] Bug #2433149 - uv-0.9.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2433149
--------------------------------------------------------------------------------
================================================================================
rust-whoami-2.1.0-1.el10_2 (FEDORA-EPEL-2026-581a30d5c9)
Rust library for getting information about the current user and environment
--------------------------------------------------------------------------------
Update Information:
uv 0.9.28
https://github.com/astral-sh/uv/releases/tag/0.9.28
https://github.com/astral-sh/uv/releases/tag/0.9.27
rust-whoami 2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.0.3
https://github.com/ardaku/whoami/releases/tag/v2.0.2
https://github.com/ardaku/whoami/releases/tag/v2.0.1
https://github.com/ardaku/whoami/releases/tag/v2.0.0
rust-fs-err 3.2.2
https://github.com/andrewhickman/fs-err/blob/3.2.2/CHANGELOG.md
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2026 Benjamin A. Beasley <[email protected]> - 2.1.0-1
- Update to version 2.1.0; Fixes RHBZ#2426952
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
1.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415196 - rust-fs-err-3.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2415196
[ 2 ] Bug #2426952 - rust-whoami-2.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2426952
[ 3 ] Bug #2433149 - uv-0.9.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2433149
--------------------------------------------------------------------------------
================================================================================
uv-0.9.28-1.el10_2 (FEDORA-EPEL-2026-581a30d5c9)
An extremely fast Python package installer and resolver, written in Rust
--------------------------------------------------------------------------------
Update Information:
uv 0.9.28
https://github.com/astral-sh/uv/releases/tag/0.9.28
https://github.com/astral-sh/uv/releases/tag/0.9.27
rust-whoami 2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.1.0
https://github.com/ardaku/whoami/releases/tag/v2.0.3
https://github.com/ardaku/whoami/releases/tag/v2.0.2
https://github.com/ardaku/whoami/releases/tag/v2.0.1
https://github.com/ardaku/whoami/releases/tag/v2.0.0
rust-fs-err 3.2.2
https://github.com/andrewhickman/fs-err/blob/3.2.2/CHANGELOG.md
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2026 Benjamin A. Beasley <[email protected]> - 0.9.28-1
- Update to 0.9.28 (close RHBZ#2433149)
* Thu Jan 29 2026 Benjamin A. Beasley <[email protected]> - 0.9.27-1
- Update to 0.9.27
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
0.9.26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415196 - rust-fs-err-3.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2415196
[ 2 ] Bug #2426952 - rust-whoami-2.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2426952
[ 3 ] Bug #2433149 - uv-0.9.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2433149
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://forge.fedoraproject.org/infra/tickets/issues/new
