The following Fedora EPEL 9 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-7feb10dac5
trafficserver-9.2.9-1.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e78841c77e
python-django4.2-4.2.20-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
radare2-5.9.8-7.el9
rust-cargo_toml-0.22.1-1.el9
rust-jiff-0.2.4-1.el9
rust-onefetch-2.23.1-3.el9
rust-onefetch-manifest-2.23.1-3.el9
yamllint-1.36.0-1.el9
Details about builds:
================================================================================
radare2-5.9.8-7.el9 (FEDORA-EPEL-2025-b3b0248eac)
The reverse engineering framework
--------------------------------------------------------------------------------
Update Information:
fix CVE-2024-56737, CVE-2025-56737, CVE-2025-1864
Fix CVE-2025-1744 and CVE-2025-1864
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 11 2025 Michal Ambroz <[email protected]> - 5.9.8-7
- fix CVE-2024-56737
* Fri Mar 7 2025 Michal Ambroz <[email protected]> - 5.9.8-6
- fix CVE-2025-1744 and CVE-2025-1864
* Sat Jan 18 2025 Fedora Release Engineering <[email protected]> -
5.9.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2334774 - CVE-2024-56737 radare2: heap-based buffer overflow
[epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2334774
[ 2 ] Bug #2334775 - CVE-2024-56737 radare2: heap-based buffer overflow
[epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2334775
[ 3 ] Bug #2334777 - CVE-2024-56737 radare2: heap-based buffer overflow
[fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2334777
[ 4 ] Bug #2334779 - CVE-2024-56737 radare2: heap-based buffer overflow
[fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2334779
[ 5 ] Bug #2348976 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2
[epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2348976
[ 6 ] Bug #2348977 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2
[epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2348977
[ 7 ] Bug #2348978 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2
[fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2348978
[ 8 ] Bug #2348979 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2
[fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2348979
[ 9 ] Bug #2349508 - CVE-2025-1864 radare2: Buffer Overflow and Potential
Code Execution in Radare2 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2349508
[ 10 ] Bug #2349509 - CVE-2025-1864 radare2: Buffer Overflow and Potential
Code Execution in Radare2 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2349509
[ 11 ] Bug #2349510 - CVE-2025-1864 radare2: Buffer Overflow and Potential
Code Execution in Radare2 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2349510
[ 12 ] Bug #2349511 - CVE-2025-1864 radare2: Buffer Overflow and Potential
Code Execution in Radare2 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2349511
--------------------------------------------------------------------------------
================================================================================
rust-cargo_toml-0.22.1-1.el9 (FEDORA-EPEL-2025-5b4b4002ea)
Cargo.toml struct definitions for parsing with Serde
--------------------------------------------------------------------------------
Update Information:
Update rust-cargo_toml from 0.21.0 to 0.22.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 11 2025 Benjamin A. Beasley <[email protected]> - 0.22.1-1
- Update to 0.22.1 (close RHBZ#2350957)
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.21.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2350957 - rust-cargo_toml-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2350957
--------------------------------------------------------------------------------
================================================================================
rust-jiff-0.2.4-1.el9 (FEDORA-EPEL-2025-90c2f27633)
Date-time library that encourages you to jump into the pit of success
--------------------------------------------------------------------------------
Update Information:
https://github.com/BurntSushi/jiff/blob/0.2.4/CHANGELOG.md#024-2025-03-10
https://github.com/BurntSushi/jiff/blob/0.2.3/CHANGELOG.md#023-2025-03-07
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 11 2025 Benjamin A. Beasley <[email protected]> - 0.2.4-1
- Update to 0.2.4 (close RHBZ#2351235)
* Sun Mar 9 2025 Benjamin A. Beasley <[email protected]> - 0.2.3-2
- Do more dev-dependency patching with tomcli
* Sun Mar 9 2025 Benjamin A. Beasley <[email protected]> - 0.2.3-1
- Update to 0.2.3 (close RHBZ#2350480)
* Sun Mar 9 2025 Benjamin A. Beasley <[email protected]> - 0.2.2-1
- Update to 0.2.2
- Patch out features for static timezone databases
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2350480 - rust-jiff-0.2.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2350480
[ 2 ] Bug #2351235 - rust-jiff-0.2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2351235
--------------------------------------------------------------------------------
================================================================================
rust-onefetch-2.23.1-3.el9 (FEDORA-EPEL-2025-5b4b4002ea)
Command-line Git information tool
--------------------------------------------------------------------------------
Update Information:
Update rust-cargo_toml from 0.21.0 to 0.22.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 11 2025 Benjamin A. Beasley <[email protected]> - 2.23.1-3
- Rebuilt with rust-cargo_toml 0.22.1; updated License expression
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2350957 - rust-cargo_toml-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2350957
--------------------------------------------------------------------------------
================================================================================
rust-onefetch-manifest-2.23.1-3.el9 (FEDORA-EPEL-2025-5b4b4002ea)
Detect and parse manifest files
--------------------------------------------------------------------------------
Update Information:
Update rust-cargo_toml from 0.21.0 to 0.22.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 11 2025 Benjamin A. Beasley <[email protected]> - 2.23.1-3
- Update cargo_toml from 0.21.0 to 0.22.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2350957 - rust-cargo_toml-0.22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2350957
--------------------------------------------------------------------------------
================================================================================
yamllint-1.36.0-1.el9 (FEDORA-EPEL-2025-4975a38085)
A linter for YAML files
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 11 2025 Adrien Vergé <[email protected]> - 1.36.0-1
- Update to latest upstream version
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
