The following Fedora EPEL 10.1 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-e148a6bb84
python3.13-3.13.12-1.el10_1
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-aba9cbc84b
apptainer-1.4.5-3.el10_1
The following builds have been pushed to Fedora EPEL 10.1 updates-testing
chromium-145.0.7632.75-1.el10_1
converseen-0.15.1.3-1.el10_1
deskflow-1.26.0-1.el10_1
gh-2.87.0-2.el10_1
libmodbus-3.1.11-4.el10_1
parallel-20260122-1.el10_1
pspg-5.8.16-1.el10_1
python-empy-4.2.1-1.el10_1
rust-thiserror-2.0.18-1.el10_1
rust-thiserror-impl-2.0.18-1.el10_1
Details about builds:
================================================================================
chromium-145.0.7632.75-1.el10_1 (FEDORA-EPEL-2026-c1f2ed019e)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to 145.0.7632.75
CVE-2026-2441: Use after free in CSS
CVE-2026-2313: Use after free in CSS
CVE-2026-2314: Heap buffer overflow in Codecs
CVE-2026-2315: Inappropriate implementation in WebGPU
CVE-2026-2316: Insufficient policy enforcement in Frames
CVE-2026-2317: Inappropriate implementation in Animation
CVE-2026-2318: Inappropriate implementation in PictureInPicture
CVE-2026-2319: Race in DevTools
CVE-2026-2320: Inappropriate implementation in File input
CVE-2026-2321: Use after free in Ozone
CVE-2026-2322: Inappropriate implementation in File input
CVE-2026-2323: Inappropriate implementation in Downloads
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 14 2026 Than Ngo <[email protected]> - 145.0.7632.75-1
- Update to 145.0.7632.75
* CVE-2026-2441: Use after free in CSS
* Thu Feb 12 2026 Than Ngo <[email protected]> - 145.0.7632.45-1
- Update to 145.0.7632.45
* CVE-2026-2313: Use after free in CSS
* CVE-2026-2314: Heap buffer overflow in Codecs
* CVE-2026-2315: Inappropriate implementation in WebGPU
* CVE-2026-2316: Insufficient policy enforcement in Frames
* CVE-2026-2317: Inappropriate implementation in Animation
* CVE-2026-2318: Inappropriate implementation in PictureInPicture
* CVE-2026-2319: Race in DevTools
* CVE-2026-2320: Inappropriate implementation in File input
* CVE-2026-2321: Use after free in Ozone
* CVE-2026-2322: Inappropriate implementation in File input
* CVE-2026-2323: Inappropriate implementation in Downloads
--------------------------------------------------------------------------------
================================================================================
converseen-0.15.1.3-1.el10_1 (FEDORA-EPEL-2026-8e9013afd6)
A batch image conversion tool written in C++ with Qt5 and Magick++
--------------------------------------------------------------------------------
Update Information:
update to 0.15.1.3 fixes rhbz#2419167
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 18 2026 Filipe Rosset <[email protected]> - 0.15.1.3-1
- update to 0.15.1.3 fixes rhbz#2419167
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
0.15.1.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
0.15.1.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2419167 - converseen-0.15.1.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2419167
--------------------------------------------------------------------------------
================================================================================
deskflow-1.26.0-1.el10_1 (FEDORA-EPEL-2026-57eafb3724)
Share mouse and keyboard between multiple computers over the network
--------------------------------------------------------------------------------
Update Information:
Update to 1.26.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 18 2026 Neal Gompa <[email protected]> - 1.26.0-1
- Update to 1.26.0
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
1.25.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
1.25.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2387482 - [abrt] deskflow: deskflow::sslCertFingerprint():
deskflow killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=2387482
[ 2 ] Bug #2440257 - deskflow-1.26.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2440257
--------------------------------------------------------------------------------
================================================================================
gh-2.87.0-2.el10_1 (FEDORA-EPEL-2026-bf5db954a9)
GitHub's official command line tool
--------------------------------------------------------------------------------
Update Information:
Update to 2.87.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 18 2026 Mikel Olasagasti Uranga <[email protected]> - 2.87.0-2
- Drop patch included in 2.87.0
* Wed Feb 18 2026 Packit <[email protected]> - 2.87.0-1
- Update to 2.87.0 upstream release
- Resolves: rhbz#2440729
* Mon Feb 2 2026 Maxwell G <[email protected]> - 2.86.0-3
- Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2432189 - CVE-2026-23831 gh: Rekor denial of service [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2432189
[ 2 ] Bug #2433098 - CVE-2026-23991 gh: go-tuf client DoS via malformed
server response [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2433098
[ 3 ] Bug #2433100 - CVE-2026-23992 gh: go-tuf improperly validates the
configured threshold for delegations [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2433100
[ 4 ] Bug #2433529 - CVE-2026-24117 gh: Rekor Server-Side Request Forgery
(SSRF) [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2433529
[ 5 ] Bug #2433566 - CVE-2026-24137 gh: sigstore legacy TUF client allows for
arbitrary file writes with target cache path traversal [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2433566
[ 6 ] Bug #2434243 - CVE-2026-24686 gh: go-tuf Path Traversal in TAP 4
Multirepo Client Allows Arbitrary File Write via Malicious Repository Names
[epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2434243
--------------------------------------------------------------------------------
================================================================================
libmodbus-3.1.11-4.el10_1 (FEDORA-EPEL-2026-b99ee99bc5)
A Modbus library
--------------------------------------------------------------------------------
Update Information:
Build libmodbus for 10.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 24 2025 Fedora Release Engineering <[email protected]> -
3.1.11-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jan 20 2025 Fedora Release Engineering <[email protected]> -
3.1.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jan 17 2025 Fedora Release Engineering <[email protected]> -
3.1.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Thu Oct 24 2024 Eric Sandeen <[email protected]> - 3.1.11-1
- New upstream version
- manpages are sadly removed from upstream
* Mon Sep 2 2024 Miroslav Suchý <[email protected]> - 3.1.7-6
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> -
3.1.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
3.1.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
3.1.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
parallel-20260122-1.el10_1 (FEDORA-EPEL-2026-2b024687c8)
Shell tool for executing jobs in parallel
--------------------------------------------------------------------------------
Update Information:
update to parallel-20260122
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 18 2026 Filipe Rosset <[email protected]> - 20260122-1
- update to parallel-20260122
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
20251122-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2424806 - parallel-20260122 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2424806
--------------------------------------------------------------------------------
================================================================================
pspg-5.8.16-1.el10_1 (FEDORA-EPEL-2026-174882c74f)
A unix pager optimized for psql
--------------------------------------------------------------------------------
Update Information:
https://github.com/okbob/pspg/releases/tag/5.8.16
https://github.com/okbob/pspg/releases/tag/5.8.15
https://github.com/okbob/pspg/releases/tag/5.8.14
https://github.com/okbob/pspg/releases/tag/5.8.13
https://github.com/okbob/pspg/releases/tag/5.8.12
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 18 2026 Pavel Raiskup <[email protected]> - 5.8.16-1
- https://github.com/okbob/pspg/releases/tag/5.8.16
- https://github.com/okbob/pspg/releases/tag/5.8.15
- https://github.com/okbob/pspg/releases/tag/5.8.14
- https://github.com/okbob/pspg/releases/tag/5.8.13
- https://github.com/okbob/pspg/releases/tag/5.8.12
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
5.8.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
5.8.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2269797 - pspg-5.8.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2269797
--------------------------------------------------------------------------------
================================================================================
python-empy-4.2.1-1.el10_1 (FEDORA-EPEL-2026-8db0727b20)
A powerful and robust template system for Python
--------------------------------------------------------------------------------
Update Information:
update to 4.2.1 fixes rhbz#2437668
http://www.alcyone.com/software/empy/ANNOUNCE.html#changes
4.2.1 (2026 Feb 8)
codecs.open is deprecated as of Python 3.14, so use open instead in binary mode;
better proxy and module finder management using sys module; uniform attachment
and detachment of plugins; converted and expanded documentation to Furo theme;
better Java exception printing under Jython; add preinitializers,
postinitialiers, and requirements for testing; additions to named escapes; add
SimpleToken token factory.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 18 2026 Filipe Rosset <[email protected]> - 4.2.1-1
- update to 4.2.1 fixes rhbz#2437668
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> - 4.2-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437668 - python-empy-4.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437668
--------------------------------------------------------------------------------
================================================================================
rust-thiserror-2.0.18-1.el10_1 (FEDORA-EPEL-2026-56b09211bf)
Derive(Error)
--------------------------------------------------------------------------------
Update Information:
Update the thiserror and thiserror-impl crates to version 2.0.18.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 18 2026 Fabio Valentini <[email protected]> - 2.0.18-1
- Update to version 2.0.18; Fixes RHBZ#2430705
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
2.0.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-thiserror-impl-2.0.18-1.el10_1 (FEDORA-EPEL-2026-56b09211bf)
Implementation detail of the thiserror crate
--------------------------------------------------------------------------------
Update Information:
Update the thiserror and thiserror-impl crates to version 2.0.18.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 18 2026 Fabio Valentini <[email protected]> - 2.0.18-1
- Update to version 2.0.18; Fixes RHBZ#2430706
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
2.0.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://forge.fedoraproject.org/infra/tickets/issues/new
