The following Fedora EPEL 9 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e177aa0ddf
pam-u2f-1.3.2-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
composer-2.8.5-1.el9
davix-0.8.8-1.el9
lest-1.35.2-2.el9
optional-lite-3.6.0-2.el9
packit-1.0.0-1.el9
rust-fixedbitset-0.5.7-1.el9
rust-fixedbitset0.4-0.4.2-1.el9
rust-itertools-0.14.0-1.el9
rust-itertools0.13-0.13.0-1.el9
rust-petgraph-0.7.1-1.el9
rust-petgraph0.6-0.6.5-1.el9
rust-procfs-0.17.0-6.el9
rust-ron-0.8.1-4.el9
rust-rspec-1.0.0-13.el9
rust-test-case-3.3.1-5.el9
rust-vt100-0.15.2-6.el9
variant-lite-2.0.0-2.el9
vaultwarden-1.32.7-4.el9
vaultwarden-web-2024.6.2c-1.el9
Details about builds:
================================================================================
composer-2.8.5-1.el9 (FEDORA-EPEL-2025-9e10255e86)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
Version 2.8.5 - 2025-01-21
Added build provenance attestation so you can also now download and verify phar
files from GitHub releases:
Fixed unsupported funding values causing parse errors in packages (#12247)
Fixed support for a few newer funding formats (#12257)
Fixed InstalledVersions regression from 2.8.4 when reload() is used (#12269)
Fixed psr-0/psr-4 rules having unstable order in vendor/composer/autoload*.php
(#12263)
Fixed a few warnings happening incorrectly in edge cases (#12284, #12268,
#12283)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2025 Remi Collet <[email protected]> - 2.8.5-1
- update to 2.8.5
--------------------------------------------------------------------------------
================================================================================
davix-0.8.8-1.el9 (FEDORA-EPEL-2025-fcc464bc44)
Toolkit for HTTP-based file management
--------------------------------------------------------------------------------
Update Information:
New upstream release 0.8.8
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2025 Mihai Patrascoiu <[email protected]> - 0.8.8-1
- New upstream release 0.8.8
- Align specfile with upstream (including whitespace from tabs to spaces)
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> -
0.8.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Thu Oct 31 2024 Mattias Ellert <[email protected]> - 0.8.7-4
- Rebuild for gsoap 2.8.135 (Fedora 42)
- Drop EPEL 7 specific instructions (EOL)
- Update License tag
* Wed Aug 28 2024 Miroslav Suchý <[email protected]> - 0.8.7-3
- convert license to SPDX
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> -
0.8.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
lest-1.35.2-2.el9 (FEDORA-EPEL-2025-7b4cacd42e)
Tiny C++11 test framework
--------------------------------------------------------------------------------
Update Information:
Initial packages for lest, optional-lite, and variant-lite.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 8 2025 Benjamin A. Beasley <[email protected]> - 1.35.2-2
- Backport to EPEL8/9 (no %conf section support)
* Wed Jan 8 2025 Benjamin A. Beasley <[email protected]> - 1.35.2-1
- Initial package (close RHBZ#2335942)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2335942 - Review Request: lest - Tiny C++11 test framework
https://bugzilla.redhat.com/show_bug.cgi?id=2335942
[ 2 ] Bug #2336142 - Review Request: optional-lite - Represent optional
(nullable) objects and pass them by value
https://bugzilla.redhat.com/show_bug.cgi?id=2336142
[ 3 ] Bug #2338399 - Review Request: variant-lite - Represent a type-safe
union
https://bugzilla.redhat.com/show_bug.cgi?id=2338399
--------------------------------------------------------------------------------
================================================================================
optional-lite-3.6.0-2.el9 (FEDORA-EPEL-2025-7b4cacd42e)
Represent optional (nullable) objects and pass them by value
--------------------------------------------------------------------------------
Update Information:
Initial packages for lest, optional-lite, and variant-lite.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 15 2025 Benjamin A. Beasley <[email protected]> - 3.6.0-2
- Backport to EPEL8/9
* Tue Jan 14 2025 Benjamin A. Beasley <[email protected]> - 3.6.0-1
- Initial package (close RHBZ#2336142)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2335942 - Review Request: lest - Tiny C++11 test framework
https://bugzilla.redhat.com/show_bug.cgi?id=2335942
[ 2 ] Bug #2336142 - Review Request: optional-lite - Represent optional
(nullable) objects and pass them by value
https://bugzilla.redhat.com/show_bug.cgi?id=2336142
[ 3 ] Bug #2338399 - Review Request: variant-lite - Represent a type-safe
union
https://bugzilla.redhat.com/show_bug.cgi?id=2338399
--------------------------------------------------------------------------------
================================================================================
packit-1.0.0-1.el9 (FEDORA-EPEL-2025-dd562d3a19)
A tool for integrating upstream projects with Fedora operating system
--------------------------------------------------------------------------------
Update Information:
Automatic update for packit-1.0.0-1.el9.
Changelog for packit
* Mon Jan 20 2025 Packit <[email protected]> - 1.0.0-1
- Job type `build` removed after deprecation, is now `copr_build`.
- Job type `production_build` removed after deprecation, is now
`upstream_koji_build`.
- Key `upstream_project_name` removed after deprecation, is now
`upstream_package_name`.
- Key `synced_files` removed after deprecation, is now `files_to_sync`.
- Resolves: rhbz#2338988
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 20 2025 Packit <[email protected]> - 1.0.0-1
- Job type `build` removed after deprecation, is now `copr_build`.
- Job type `production_build` removed after deprecation, is now
`upstream_koji_build`.
- Key `upstream_project_name` removed after deprecation, is now
`upstream_package_name`.
- Key `synced_files` removed after deprecation, is now `files_to_sync`.
- Resolves: rhbz#2338988
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2338988 - packit-1.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2338988
--------------------------------------------------------------------------------
================================================================================
rust-fixedbitset-0.5.7-1.el9 (FEDORA-EPEL-2025-35309c1e20)
Simple bitset collection
--------------------------------------------------------------------------------
Update Information:
Update the petgraph crate to version 0.7.2 and add a compat package for version
0.6.
Update the fixedbitset crate to version 0.5.7 and add a compat package for
version 0.4.
Update the itertools crate to version 0.14.0 and add a compat package for
version 0.13.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 20 2025 Benjamin A. Beasley <[email protected]> - 0.5.7-1
- Update to version 0.5.7; Fixes RHBZ#2266178
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.4.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.4.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.4.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Aug 6 2023 Fabio Valentini <[email protected]> - 0.4.2-5
- Regenerate with rust2rpm v24
* Fri Jul 21 2023 Fedora Release Engineering <[email protected]> -
0.4.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-fixedbitset0.4-0.4.2-1.el9 (FEDORA-EPEL-2025-35309c1e20)
Simple bitset collection
--------------------------------------------------------------------------------
Update Information:
Update the petgraph crate to version 0.7.2 and add a compat package for version
0.6.
Update the fixedbitset crate to version 0.5.7 and add a compat package for
version 0.4.
Update the itertools crate to version 0.14.0 and add a compat package for
version 0.13.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2025 Fabio Valentini <[email protected]> - 0.4.2-1
- Initial import (fixedbitset 0.4 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-itertools-0.14.0-1.el9 (FEDORA-EPEL-2025-35309c1e20)
Extra iterator adaptors, iterator methods, free functions, and macros
--------------------------------------------------------------------------------
Update Information:
Update the petgraph crate to version 0.7.2 and add a compat package for version
0.6.
Update the fixedbitset crate to version 0.5.7 and add a compat package for
version 0.4.
Update the itertools crate to version 0.14.0 and add a compat package for
version 0.13.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 20 2025 Benjamin A. Beasley <[email protected]> - 0.14.0-1
- Update to version 0.14.0; Fixes RHBZ#2335056
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.13.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.13.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-itertools0.13-0.13.0-1.el9 (FEDORA-EPEL-2025-35309c1e20)
Extra iterator adaptors, iterator methods, free functions, and macros
--------------------------------------------------------------------------------
Update Information:
Update the petgraph crate to version 0.7.2 and add a compat package for version
0.6.
Update the fixedbitset crate to version 0.5.7 and add a compat package for
version 0.4.
Update the itertools crate to version 0.14.0 and add a compat package for
version 0.13.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2025 Fabio Valentini <[email protected]> - 0.13.0-1
- Initial import (itertools 0.13 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-petgraph-0.7.1-1.el9 (FEDORA-EPEL-2025-35309c1e20)
Graph data structure library
--------------------------------------------------------------------------------
Update Information:
Update the petgraph crate to version 0.7.2 and add a compat package for version
0.6.
Update the fixedbitset crate to version 0.5.7 and add a compat package for
version 0.4.
Update the itertools crate to version 0.14.0 and add a compat package for
version 0.13.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 20 2025 Benjamin A. Beasley <[email protected]> - 0.7.1-1
- Update to version 0.7.1; Fixes RHBZ#2334959
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.6.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-petgraph0.6-0.6.5-1.el9 (FEDORA-EPEL-2025-35309c1e20)
Graph data structure library
--------------------------------------------------------------------------------
Update Information:
Update the petgraph crate to version 0.7.2 and add a compat package for version
0.6.
Update the fixedbitset crate to version 0.5.7 and add a compat package for
version 0.4.
Update the itertools crate to version 0.14.0 and add a compat package for
version 0.13.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2025 Fabio Valentini <[email protected]> - 0.6.5-1
- Initial import (petgraph 0.6 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-procfs-0.17.0-6.el9 (FEDORA-EPEL-2025-634b4b6018)
Interface to the linux procfs pseudo-filesystem
--------------------------------------------------------------------------------
Update Information:
Remove dev-dependency on failure, omitting a single integration test
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2025 Benjamin A. Beasley <[email protected]> - 0.17.0-6
- Remove dev-dependency on failure, omitting a single integration test
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.17.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-ron-0.8.1-4.el9 (FEDORA-EPEL-2025-916d5d0d2c)
Rusty Object Notation
--------------------------------------------------------------------------------
Update Information:
Update base64 to 0.22
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2025 Benjamin A. Beasley <[email protected]> - 0.8.1-4
- Update base64 to 0.22
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.8.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-rspec-1.0.0-13.el9 (FEDORA-EPEL-2025-21bbac1807)
Write Rspec-like tests with stable rust
--------------------------------------------------------------------------------
Update Information:
Bump time dependency from 0.2 to 0.3 to avoid pulling in (some) obsolete compat
packages.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.0.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Oct 5 2024 Fabio Valentini <[email protected]> - 1.0.0-12
- Bump time dependency from 0.2 to 0.3
--------------------------------------------------------------------------------
================================================================================
rust-test-case-3.3.1-5.el9 (FEDORA-EPEL-2025-ca771b1a87)
Procedural macro attribute for generating parametrized test cases
--------------------------------------------------------------------------------
Update Information:
Update itertools dev-dependency to 0.14 (and allow 0.13)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 20 2025 Benjamin A. Beasley <[email protected]> - 3.3.1-5
- Update itertools dev-dependency to 0.14 (and allow 0.13)
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
3.3.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
3.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jan 27 2024 Fedora Release Engineering <[email protected]> -
3.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-vt100-0.15.2-6.el9 (FEDORA-EPEL-2025-bf0d3629f8)
Library for parsing terminal data
--------------------------------------------------------------------------------
Update Information:
Drop a number of unused dev-dependencies
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2025 Benjamin A. Beasley <[email protected]> - 0.15.2-6
- Drop a number of unused dev-dependencies
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.15.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.15.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jan 27 2024 Fedora Release Engineering <[email protected]> -
0.15.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
variant-lite-2.0.0-2.el9 (FEDORA-EPEL-2025-7b4cacd42e)
Represent a type-safe union
--------------------------------------------------------------------------------
Update Information:
Initial packages for lest, optional-lite, and variant-lite.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2025 Benjamin A. Beasley <[email protected]> - 2.0.0-2
- Backport to EPEL8/9
* Tue Jan 21 2025 Benjamin A. Beasley <[email protected]> - 2.0.0-1
- Initial package (close RHBZ#2338399)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2335942 - Review Request: lest - Tiny C++11 test framework
https://bugzilla.redhat.com/show_bug.cgi?id=2335942
[ 2 ] Bug #2336142 - Review Request: optional-lite - Represent optional
(nullable) objects and pass them by value
https://bugzilla.redhat.com/show_bug.cgi?id=2336142
[ 3 ] Bug #2338399 - Review Request: variant-lite - Represent a type-safe
union
https://bugzilla.redhat.com/show_bug.cgi?id=2338399
--------------------------------------------------------------------------------
================================================================================
vaultwarden-1.32.7-4.el9 (FEDORA-EPEL-2025-cd95859e4b)
Unofficial Bitwarden compatible server
--------------------------------------------------------------------------------
Update Information:
fix VW_VERSION in compiled code, patch security issues
Update to 1.32.7
Fix CVE-2024-56335
Fix CVE-2024-55226
Fix CVE-2024-55225
Fix CVE-2024-55224
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2025 Jonathan Wright <[email protected]> - 1.32.7-4
- Set VW_VERSION env var during build and install rhbz#2338534
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.32.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Jan 15 2025 Jonathan Wright <[email protected]> - 1.32.7-2
- fix build on el9 with rust 1.79
* Fri Jan 3 2025 Jonathan Wright <[email protected]> - 1.32.7-1
- update to 1.32.7 rhbz#2322181
- Fix CVE-2024-56335
* Tue Oct 22 2024 Jonathan Wright <[email protected]> - 1.32.2-1
- update to 1.32.2 rhbz#2316657
* Sun Aug 11 2024 Jonathan Wright <[email protected]> - 1.32.0-1
- update to 1.32.0 rhbz#2304045
Resolves CVE-2024-39924
Resolves CVE-2024-39925
Resolves CVE-2024-39926
* Fri Aug 2 2024 Jonathan Wright <[email protected]> - 1.31.0-2
- Exclude s390x and ppc64le
* Fri Jul 19 2024 Jonathan Wright <[email protected]> - 1.31.0-1
- update to 1.31.0 rhbz#2297149
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2307705 - vaultwarden: FTBFS in Fedora 40 and 39
https://bugzilla.redhat.com/show_bug.cgi?id=2307705
[ 2 ] Bug #2333595 - CVE-2024-56335 vaultwarden: Privilege escalation allows
organization groups to be updated/deleted if their UUID is known in vaultwarden
[epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2333595
[ 3 ] Bug #2333596 - CVE-2024-56335 vaultwarden: Privilege escalation allows
organization groups to be updated/deleted if their UUID is known in vaultwarden
[fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2333596
[ 4 ] Bug #2333597 - CVE-2024-56335 vaultwarden: Privilege escalation allows
organization groups to be updated/deleted if their UUID is known in vaultwarden
[fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2333597
[ 5 ] Bug #2336825 - CVE-2024-55226 vaultwarden: uthenticated reflected XSS
vulnerability [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2336825
[ 6 ] Bug #2336826 - CVE-2024-55226 vaultwarden: uthenticated reflected XSS
vulnerability [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2336826
[ 7 ] Bug #2336827 - CVE-2024-55226 vaultwarden: uthenticated reflected XSS
vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2336827
[ 8 ] Bug #2336829 - CVE-2024-55225 vaultwarden: user spoofing via crafted
authorization request [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2336829
[ 9 ] Bug #2336830 - CVE-2024-55225 vaultwarden: user spoofing via crafted
authorization request [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2336830
[ 10 ] Bug #2336831 - CVE-2024-55225 vaultwarden: user spoofing via crafted
authorization request [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2336831
[ 11 ] Bug #2336833 - CVE-2024-55224 vaultwarden: arbitrary code execution
via injecting a crafted payload into the username field of an e-mail message
[epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2336833
[ 12 ] Bug #2336834 - CVE-2024-55224 vaultwarden: arbitrary code execution
via injecting a crafted payload into the username field of an e-mail message
[fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2336834
[ 13 ] Bug #2336835 - CVE-2024-55224 vaultwarden: arbitrary code execution
via injecting a crafted payload into the username field of an e-mail message
[fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2336835
--------------------------------------------------------------------------------
================================================================================
vaultwarden-web-2024.6.2c-1.el9 (FEDORA-EPEL-2025-de2f3af67b)
Web vault for vaultwarden
--------------------------------------------------------------------------------
Update Information:
update to 2024.6.2c
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 16 2025 Jonathan Wright <[email protected]> - 2024.6.2c-1
- update to 2024.6.2c
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
