-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-84de1534b1 2026-02-06 01:09:06.041469+00:00 --------------------------------------------------------------------------------
Name : openqa Product : Fedora 42 Version : 5^20250711git28a0214 Release : 4.fc42 URL : http://os-autoinst.github.io/openQA/ Summary : OS-level automated testing framework Description : openQA is a testing framework that allows you to test GUI applications on one hand and bootloader and kernel on the other. In both cases, it is difficult to script tests and verify the output. Output can be a popup window or it can be an error in early boot even before init is executed. openQA is an automated test tool that makes it possible to test the whole installation process of an operating system. It uses virtual machines to reproduce the process, check the output (both serial console and screen) in every step and send the necessary keystrokes and commands to proceed to the next. openQA can check whether the system can be installed, whether it works properly in 'live' mode, whether applications work or whether the system responds as expected to different installation options and commands. Even more importantly, openQA can run several combinations of tests for every revision of the operating system, reporting the errors detected for each combination of hardware configuration, installation options and variant of the operating system. -------------------------------------------------------------------------------- Update Information: This update bumps the bundled lodash to 4.17.23 to ensure openQA is protected against CVE-2025-13465. It likely was not vulnerable in any case, though, as I don't believe the vulnerable codepaths were exposed by openQA's use of lodash. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 26 2026 Adam Williamson <[email protected]> - 5^20250711git28a0214-4 - Backport PR #6920 to fix RHBZ #2432984 (CVE-2025-13465) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2432984 - CVE-2025-13465 openqa: prototype pollution in _.unset and _.omit functions [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2432984 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-84de1534b1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
