The following Fedora EPEL 9 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5c25fd8e2d
roundcubemail-1.5.10-1.el9
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-1994b4dec7
seamonkey-2.53.21-1.el9
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-f9b95079ea
yarnpkg-1.22.22-8.el9
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-66a01bfb0d
valkey-8.0.3-3.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
objfw-1.3.2-1.el9
python-django4.2-4.2.22-1.el9
xrootd-s3-http-0.4.1-2.el9
Details about builds:
================================================================================
objfw-1.3.2-1.el9 (FEDORA-EPEL-2025-102942d0f2)
Portable, lightweight framework for the Objective-C language
--------------------------------------------------------------------------------
Update Information:
Update to 1.3.2
Update to 1.3.1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 8 2025 Jonathan Schleifer <[email protected]> - 1.3.2-1
- Update to 1.3.2
* Sat Jun 7 2025 Jonathan Schleifer <[email protected]> - 1.3.1-1
- Update to 1.3.1
--------------------------------------------------------------------------------
================================================================================
python-django4.2-4.2.22-1.el9 (FEDORA-EPEL-2025-ead5908650)
A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
Fixes CVE-2025-48432: Potential log injection via unescaped request path
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 8 2025 Michel Lind <[email protected]> - 4.2.22-1
- Update to version 4.2.22
- Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags()
- Fixes CVE-2025-48432: Potential log injection via unescaped request path
- Revert pyproject conversion; we don't need it and don't have the needed
version
- Rebase Python 3.13 patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2365041 - CVE-2025-32873 python-django4.2: Django StripTags Denial
of Service [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2365041
--------------------------------------------------------------------------------
================================================================================
xrootd-s3-http-0.4.1-2.el9 (FEDORA-EPEL-2025-359e7a1dd4)
S3/HTTP filesystem plugins for XRootD
--------------------------------------------------------------------------------
Update Information:
xrootd S3 http 0.4.1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 8 2025 Mattias Ellert <[email protected]> - 0.4.1-2
- Fix broken glob filter
* Sat Jun 7 2025 Mattias Ellert <[email protected]> - 0.4.1-1
- Update to version 0.4.1
* Sun Mar 9 2025 Mattias Ellert <[email protected]> - 0.2.1-2
- Add -DLIB_INSTALL_DIR to cmake command
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
