The following Fedora EPEL 10.2 Security updates need testing:
Age URL
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-5b9362f703
chezmoi-2.69.4-1.el10_2
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-3bd48780b4
chromium-145.0.7632.116-1.el10_2
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-36a72373e7
perl-Net-CIDR-0.27-1.el10_2
The following builds have been pushed to Fedora EPEL 10.2 updates-testing
apt-3.1.16-2.el10_2
castxml-0.7.0-1.el10_2
mock-6.7-1.el10_2
mock-core-configs-44.2-1.el10_2
pie-1.3.9-1.el10_2
python-astropy-iers-data-0.2026.3.2.0.47.4-1.el10_2
rust-deranged-0.5.8-1.el10_2
rust-libz-rs-sys-0.6.3-1.el10_2
rust-tower-test-0.4.0-12.el10_2
rust-zlib-rs-0.6.3-1.el10_2
stow-2.4.1-4.el10_2
xq-1.4.0-2.el10_2
Details about builds:
================================================================================
apt-3.1.16-2.el10_2 (FEDORA-EPEL-2026-fe0b2cfb66)
Command-line package manager for Debian packages
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release apt 3.1.16
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 17 2026 Terje Rosten <[email protected]> - 3.1.16-2
- Backport 3.1.16 to epel9
* Tue Feb 17 2026 Packit <[email protected]> - 3.1.16-1
- Update to version 3.1.16
- Resolves: rhbz#2440372
* Mon Feb 16 2026 Terje Rosten <[email protected]> - 3.1.15-2
- Rebuild due to so name bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2440372 - apt-3.1.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2440372
--------------------------------------------------------------------------------
================================================================================
castxml-0.7.0-1.el10_2 (FEDORA-EPEL-2026-997a026653)
C-family abstract syntax tree XML output tool
--------------------------------------------------------------------------------
Update Information:
CastXML 0.7.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 3 2026 Mattias Ellert <[email protected]> - 0.7.0-1
- Update to version 0.7.0
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
0.6.13-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
0.6.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Mon Nov 24 2025 Mattias Ellert <[email protected]> - 0.6.13-2
- Rebuild for llvm/clang 20 (EPEL 8/9)
- Rebuild for llvm/clang 21 (fedora 43/44)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2442773 - castxml-0.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2442773
--------------------------------------------------------------------------------
================================================================================
mock-6.7-1.el10_2 (FEDORA-EPEL-2026-26c005639a)
Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:
https://rpm-software-management.github.io/mock/Release-Notes-6.7
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 3 2026 Pavel Raiskup <[email protected]> 6.7-1
- mock: Use umask 0022 instead of 0002 to avoid strange permissions
([email protected])
- expand_spec plugin: generating expanded-spec.txt in postdeps hook
([email protected])
- do not fail (not just) hermetic builds for missing resolv.conf
- use skopeo for hermetic bootstrap images ([email protected])
- support yum for hermetic build ([email protected])
- allow access to the buildroot binary RPMs even in hermetic builds
([email protected])
- adapt mock to Changes/droppingOfCertPemFile
- file_util: improve rmtree performance (#1672) (Gerasimov.N.V)
- disable traceLog() wrapper (will be removed)
- `mock --scrub=all` now correctly backs up successful builds from the
buildroot ([email protected])
- update subscription-manager instructions ([email protected])
- configs: Switch openSUSE Tumbleweed to DNF5 ([email protected])
- depend on DNF5 for EL11+ distributions ([email protected])
- depend on DNF5 for Mageia 10+ and Cauldron ([email protected])
- select personality for RISC-V DNF transactions
- document --scrub=bootstrap ([email protected])
- unbreq supports `--isolation=simple` and `--no-bootstrap-chroot`
([email protected])
- unbreq plugin no longer crashes for `(foo if bar)` build deps
([email protected])
- unbreq performance has been significantly improved through caching
([email protected])
- unbreq logs standard outputs of failed commands
([email protected])
--------------------------------------------------------------------------------
================================================================================
mock-core-configs-44.2-1.el10_2 (FEDORA-EPEL-2026-26c005639a)
Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:
https://rpm-software-management.github.io/mock/Release-Notes-6.7
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 3 2026 Pavel Raiskup <[email protected]> 44.2-1
- Switch openSUSE Tumbleweed to DNF5 ([email protected])
--------------------------------------------------------------------------------
================================================================================
pie-1.3.9-1.el10_2 (FEDORA-EPEL-2026-0a84457748)
PHP Installer for Extensions
--------------------------------------------------------------------------------
Update Information:
Version 1.3.9
fix inability to provide sudo prompt when using "pie install" on a PHP project
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 3 2026 Remi Collet <[email protected]> - 1.3.9-1
- update to 1.3.9
--------------------------------------------------------------------------------
================================================================================
python-astropy-iers-data-0.2026.3.2.0.47.4-1.el10_2
(FEDORA-EPEL-2026-6ed59899cf)
IERS Earth Rotation and Leap Second tables for the astropy core package
--------------------------------------------------------------------------------
Update Information:
Automatic update for python-astropy-iers-data-0.2026.3.2.0.47.4-1.el10_2.
Changelog for python-astropy-iers-data
* Mon Mar 02 2026 Packit <[email protected]> - 0.2026.3.2.0.47.4-1
- Update to 0.2026.3.2.0.47.4 upstream release
- Resolves: rhbz#2441852
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 2 2026 Packit <[email protected]> - 0.2026.3.2.0.47.4-1
- Update to 0.2026.3.2.0.47.4 upstream release
- Resolves: rhbz#2441852
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2441852 - python-astropy-iers-data-0.2026.3.2.0.47.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2441852
--------------------------------------------------------------------------------
================================================================================
rust-deranged-0.5.8-1.el10_2 (FEDORA-EPEL-2026-50b16a67b2)
Ranged integers
--------------------------------------------------------------------------------
Update Information:
Update to version 0.5.8.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 24 2026 Fabio Valentini <[email protected]> - 0.5.8-1
- Update to version 0.5.8; Fixes RHBZ#2438817
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
0.5.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-libz-rs-sys-0.6.3-1.el10_2 (FEDORA-EPEL-2026-c650f42a19)
Memory-safe zlib implementation written in rust
--------------------------------------------------------------------------------
Update Information:
Update rust-zlib-rs and rust-libz-rs-sys to 0.6.3, fixing a bug that could
result in non-deterministic output.
Donât mark README.md as documentation since itâs used in compiling
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 2 2026 Benjamin A. Beasley <[email protected]> - 0.6.3-1
- Update to version 0.6.3; Fixes RHBZ#2443815
* Mon Feb 23 2026 Benjamin A. Beasley <[email protected]> - 0.6.2-2
- Donât mark README.md as documentation since itâs used in compiling
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2443803 - rust-zlib-rs-0.6.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2443803
[ 2 ] Bug #2443815 - rust-libz-rs-sys-0.6.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2443815
--------------------------------------------------------------------------------
================================================================================
rust-tower-test-0.4.0-12.el10_2 (FEDORA-EPEL-2026-bbad2322b9)
Utilities for writing client and server Service tests
--------------------------------------------------------------------------------
Update Information:
Initial import after package un-retirement.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 3 2026 Fabio Valentini <[email protected]> - 0.4.0-12
- Re-import after un-retirement (#2437453)
--------------------------------------------------------------------------------
================================================================================
rust-zlib-rs-0.6.3-1.el10_2 (FEDORA-EPEL-2026-c650f42a19)
Memory-safe zlib implementation written in rust
--------------------------------------------------------------------------------
Update Information:
Update rust-zlib-rs and rust-libz-rs-sys to 0.6.3, fixing a bug that could
result in non-deterministic output.
Donât mark README.md as documentation since itâs used in compiling
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 2 2026 Benjamin A. Beasley <[email protected]> - 0.6.3-1
- Update to version 0.6.3; Fixes RHBZ#2443803
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2443803 - rust-zlib-rs-0.6.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2443803
[ 2 ] Bug #2443815 - rust-libz-rs-sys-0.6.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2443815
--------------------------------------------------------------------------------
================================================================================
stow-2.4.1-4.el10_2 (FEDORA-EPEL-2026-e73bbc9207)
Manage the installation of software packages from source
--------------------------------------------------------------------------------
Update Information:
Initial EPEL 10 release
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
2.4.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.4.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
2.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Nov 11 2024 Michel Lind <[email protected]> - 2.4.1-1
- Update to 2.4.1 upstream release
- Resolves: rhbz#2310764
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
2.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Apr 22 2024 Packit <[email protected]> - 2.4.0-1
- Update to 2.4.0 upstream release
- Resolves: rhbz#2273895
* Mon Apr 22 2024 Michel Lind <[email protected]> - 2.3.1-17
- Use SPDX license expression
* Mon Apr 22 2024 Michel Lind <[email protected]> - 2.3.1-16
- Enable Packit
* Sat Jan 27 2024 Fedora Release Engineering <[email protected]> -
2.3.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2426715 - Please branch and build stow in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2426715
--------------------------------------------------------------------------------
================================================================================
xq-1.4.0-2.el10_2 (FEDORA-EPEL-2026-a96c428ab5)
Command-line XML and HTML beautifier and content extractor
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 27 2026 Packit <[email protected]> - 1.4.0-1
- Update to 1.4.0 upstream release
- Resolves: rhbz#2443356
* Tue Feb 3 2026 Maxwell G <[email protected]> - 1.3.0-9
- Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
1.3.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Oct 10 2025 Alejandro Sáez <[email protected]> - 1.3.0-7
- rebuild
* Fri Aug 15 2025 Maxwell G <[email protected]> - 1.3.0-6
- Rebuild for golang-1.25.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398315 - CVE-2025-47910 xq: CrossOriginProtection bypass in
net/http [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2398315
[ 2 ] Bug #2398953 - CVE-2025-47906 xq: Unexpected paths returned from
LookPath in os/exec [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2398953
[ 3 ] Bug #2407501 - CVE-2025-58189 xq: go crypto/tls ALPN negotiation error
contains attacker controlled information [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2407501
[ 4 ] Bug #2408953 - CVE-2025-61723 xq: Quadratic complexity when parsing
some invalid inputs in encoding/pem [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2408953
[ 5 ] Bug #2409895 - CVE-2025-58185 xq: Parsing DER payload can cause memory
exhaustion in encoding/asn1 [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2409895
[ 6 ] Bug #2410835 - CVE-2025-58188 xq: Panic when validating certificates
with DSA public keys in crypto/x509 [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2410835
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://forge.fedoraproject.org/infra/tickets/issues/new
