The following Fedora EPEL 9 Security updates need testing:
 Age  URL
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-75d8605b8c   stb-0^20241002git31707d1-4.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
distribution-gpg-keys-1.107-1.el9
kiwi-stackbuild-plugin-1.0.10-1.el9
lest-1.35.2-2.el9
opendbx-1.4.6-38.el9
optional-lite-3.6.0-2.el9
pam-u2f-1.3.1-1.el9
root-6.34.02-3.el9
vaultwarden-1.32.7-2.el9
Details about builds:
================================================================================
distribution-gpg-keys-1.107-1.el9 (FEDORA-EPEL-2025-6e3e716be9)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
Automatic update for distribution-gpg-keys-1.107-1.el9.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 15 2025 Miroslav Suchý <[email protected]> 1.107-1
- Add Fedora 44 key
- Update Mageia gpg key
--------------------------------------------------------------------------------
================================================================================
kiwi-stackbuild-plugin-1.0.10-1.el9 (FEDORA-EPEL-2025-acca7b8f9f)
KIWI - Stack Build Plugin
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 15 2024 Neal Gompa <[email protected]> - 1.0.10-1
- Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2326479 - Review Request: kiwi-stackbuild-plugin - KIWI - Stack
Build Plugin
https://bugzilla.redhat.com/show_bug.cgi?id=2326479
--------------------------------------------------------------------------------
================================================================================
lest-1.35.2-2.el9 (FEDORA-EPEL-2025-7b4cacd42e)
Tiny C++11 test framework
--------------------------------------------------------------------------------
Update Information:
Initial package for lest and optional-lite.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 8 2025 Benjamin A. Beasley <[email protected]> - 1.35.2-2
- Backport to EPEL8/9 (no %conf section support)
* Wed Jan 8 2025 Benjamin A. Beasley <[email protected]> - 1.35.2-1
- Initial package (close RHBZ#2335942)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2335942 - Review Request: lest - Tiny C++11 test framework
https://bugzilla.redhat.com/show_bug.cgi?id=2335942
[ 2 ] Bug #2336142 - Review Request: optional-lite - Represent optional
(nullable) objects and pass them by value
https://bugzilla.redhat.com/show_bug.cgi?id=2336142
--------------------------------------------------------------------------------
================================================================================
opendbx-1.4.6-38.el9 (FEDORA-EPEL-2025-3ec8e745e6)
Lightweight but extensible database access library written in C
--------------------------------------------------------------------------------
Update Information:
Fix FTBFS
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 15 2025 Jonathan Wright <[email protected]> - 1.4.6-38
- Fix FTBFS
- Modernize spec
* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> -
1.4.6-37
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
1.4.6-36
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
1.4.6-35
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> -
1.4.6-34
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Feb 21 2023 Florian Weimer <[email protected]> - 1.4.6-33
- Port to C99
- Run autoreconf during build, due to configure.ac change.
* Thu Jan 19 2023 Fedora Release Engineering <[email protected]> -
1.4.6-32
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2261420 - opendbx: FTBFS in Fedora rawhide/f40
https://bugzilla.redhat.com/show_bug.cgi?id=2261420
[ 2 ] Bug #2301010 - opendbx: FTBFS in Fedora rawhide/f41
https://bugzilla.redhat.com/show_bug.cgi?id=2301010
--------------------------------------------------------------------------------
================================================================================
optional-lite-3.6.0-2.el9 (FEDORA-EPEL-2025-7b4cacd42e)
Represent optional (nullable) objects and pass them by value
--------------------------------------------------------------------------------
Update Information:
Initial package for lest and optional-lite.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 15 2025 Benjamin A. Beasley <[email protected]> - 3.6.0-2
- Backport to EPEL8/9
* Tue Jan 14 2025 Benjamin A. Beasley <[email protected]> - 3.6.0-1
- Initial package (close RHBZ#2336142)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2335942 - Review Request: lest - Tiny C++11 test framework
https://bugzilla.redhat.com/show_bug.cgi?id=2335942
[ 2 ] Bug #2336142 - Review Request: optional-lite - Represent optional
(nullable) objects and pass them by value
https://bugzilla.redhat.com/show_bug.cgi?id=2336142
--------------------------------------------------------------------------------
================================================================================
pam-u2f-1.3.1-1.el9 (FEDORA-EPEL-2025-b1223174a4)
Implements PAM authentication over U2F
--------------------------------------------------------------------------------
Update Information:
pam-u2f fix to resolve CVE-2025-23013 (Partial Authentication Bypass). CVSS
score 7.3
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 14 2025 Gary Buhrmaster <[email protected]> - 1.3.1-1
- Update to 1.3.1 - resolves rhbz#2337634
* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> -
1.3.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
1.3.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
1.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Oct 30 2023 Gary Buhrmaster <[email protected]> - 1.3.0-3
- Perform deglobing of files per packaging guidelines
* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> -
1.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2338113 - CVE-2025-23013 pam-u2f: Partial Authentication Bypass in
pam-u2f Software Package [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2338113
--------------------------------------------------------------------------------
================================================================================
root-6.34.02-3.el9 (FEDORA-EPEL-2025-aa5db6866a)
Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:
Minor fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 15 2025 Mattias Ellert <[email protected]> - 6.34.02-3
- Don't add dependencies on root-roofit-multiprocess and root-roofit-zmq
to root-roofit-core for EPEL builds
* Sun Jan 12 2025 Mattias Ellert <[email protected]> - 6.34.02-2
- Adjust stressGraphics.ref
- Build for EPEL 10
- Disable the R interface for EPEL 10 (R not yet available)
- Enable uring support for EPEL 9 (supported in kernel since RHEL 9.3)
--------------------------------------------------------------------------------
================================================================================
vaultwarden-1.32.7-2.el9 (FEDORA-EPEL-2025-90c1787ffb)
Unofficial Bitwarden compatible server
--------------------------------------------------------------------------------
Update Information:
Update to 1.32.7
Fix CVE-2024-56335
Fix CVE-2024-55226
Fix CVE-2024-55225
Fix CVE-2024-55224
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 15 2025 Jonathan Wright <[email protected]> - 1.32.7-2
- fix build on el9 with rust 1.79
* Fri Jan 3 2025 Jonathan Wright <[email protected]> - 1.32.7-1
- update to 1.32.7 rhbz#2322181
- Fix CVE-2024-56335
* Tue Oct 22 2024 Jonathan Wright <[email protected]> - 1.32.2-1
- update to 1.32.2 rhbz#2316657
* Sun Aug 11 2024 Jonathan Wright <[email protected]> - 1.32.0-1
- update to 1.32.0 rhbz#2304045
Resolves CVE-2024-39924
Resolves CVE-2024-39925
Resolves CVE-2024-39926
* Fri Aug 2 2024 Jonathan Wright <[email protected]> - 1.31.0-2
- Exclude s390x and ppc64le
* Fri Jul 19 2024 Jonathan Wright <[email protected]> - 1.31.0-1
- update to 1.31.0 rhbz#2297149
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2333595 - CVE-2024-56335 vaultwarden: Privilege escalation allows
organization groups to be updated/deleted if their UUID is known in vaultwarden
[epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2333595
[ 2 ] Bug #2336825 - CVE-2024-55226 vaultwarden: authenticated reflected XSS
vulnerability [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2336825
[ 3 ] Bug #2336829 - CVE-2024-55225 vaultwarden: user spoofing via crafted
authorization request [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2336829
[ 4 ] Bug #2336833 - CVE-2024-55224 vaultwarden: arbitrary code execution via
injecting a crafted payload into the username field of an e-mail message
[epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2336833
--------------------------------------------------------------------------------