The following Fedora EPEL 9 Security updates need testing:
Age URL
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-b73f867b3a
lemonldap-ng-2.21.3-1.el9
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-73b3fd3fe3
perl-Cpanel-JSON-XS-4.40-1.el9
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-2f117a9b68
chromium-140.0.7339.127-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
arpwatch-3.8-6.el9
baresip-4.1.0-1.el9
libre-4.1.0-1.el9
podman-tui-1.8.0-2.el9
prometheus-podman-exporter-1.18.1-1.el9
Details about builds:
================================================================================
arpwatch-3.8-6.el9 (FEDORA-EPEL-2025-86e612639d)
Network monitoring tools for tracking IP addresses on a network
--------------------------------------------------------------------------------
Update Information:
Generate ethercodes.dat from latest oui.csv
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 13 2025 Benjamin A. Beasley <[email protected]> - 14:3.8-6
- Generate ethercodes.dat from latest oui.csv
--------------------------------------------------------------------------------
================================================================================
baresip-4.1.0-1.el9 (FEDORA-EPEL-2025-faeddc1665)
Modular SIP user-agent with audio and video support
--------------------------------------------------------------------------------
Update Information:
Baresip v4.1.0 (2025-09-10)
package: Fix not working libdir
ci: temporary workaround for choco openssl failure
call: add getter call state name
play: set audio path to config
ci: update actions/checkout@v5
audio: avoid tx underruns if ausrc delivers small audio frames
test: ua - event_handler remove unused variables
test: ua - fix index for domain_add
jbuf: adaptive playout time calculation
config: fix video_jitter_buffer_size and add deprecation warnings
ua: avoid duplicates of URI params
gst: fix crash on shutdown
ua: avoid suffix for contact user if possible
doc: update jbuf settings in examples
uag: avoid peer-to-peer calls to registered accounts
message: log when UA is not found for incoming MESSAGE
ci/build/macos: use ffmpeg 7
test: convert some define values to enum
readme: update list of platforms and compilers
test: fix some pylint warnings in ccheck
jbuf: remove payload type from struct, only set not read
libre v4.1.0 (2025-09-10)
ci: temporary workaround for choco openssl failure
test: add support for IPv6 on UDP-test
ci: enable Windows testing when OpenSSL is disabled
websock: remove unused peer member
test: add testing of udp_rxsz_set() and udp_sockbuf_set()
ci/build: select xcode version 16.2
udp: combine udp_recv_helper() and udp_recv_packet()
test: add support for UDP multicast test
ci: update actions/checkout@v5
uri: remove uri_escape_user()
uri: remove some unused escape functions
test: add support for IPv6 and TURN
test: add support for testing more DTLS-SRTP suites
dtls: remove dtls_set_handlers() -- unused
tls: remove tls_set_certificate_der() -- unused
test: set low MTU in DTLS-test
test: add support for TURN mock-server authentication
tls: tls_set_resumption() -- change const enum to enum
ci/abi: bump old abi
ci/coverage: bump min coverage
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 13 2025 Robert Scheck <[email protected]> 4.1.0-1
- Upgrade to 4.1.0 (#2394394)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2394384 - libre-4.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2394384
[ 2 ] Bug #2394394 - baresip-4.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2394394
--------------------------------------------------------------------------------
================================================================================
libre-4.1.0-1.el9 (FEDORA-EPEL-2025-faeddc1665)
Generic library for real-time communications
--------------------------------------------------------------------------------
Update Information:
Baresip v4.1.0 (2025-09-10)
package: Fix not working libdir
ci: temporary workaround for choco openssl failure
call: add getter call state name
play: set audio path to config
ci: update actions/checkout@v5
audio: avoid tx underruns if ausrc delivers small audio frames
test: ua - event_handler remove unused variables
test: ua - fix index for domain_add
jbuf: adaptive playout time calculation
config: fix video_jitter_buffer_size and add deprecation warnings
ua: avoid duplicates of URI params
gst: fix crash on shutdown
ua: avoid suffix for contact user if possible
doc: update jbuf settings in examples
uag: avoid peer-to-peer calls to registered accounts
message: log when UA is not found for incoming MESSAGE
ci/build/macos: use ffmpeg 7
test: convert some define values to enum
readme: update list of platforms and compilers
test: fix some pylint warnings in ccheck
jbuf: remove payload type from struct, only set not read
libre v4.1.0 (2025-09-10)
ci: temporary workaround for choco openssl failure
test: add support for IPv6 on UDP-test
ci: enable Windows testing when OpenSSL is disabled
websock: remove unused peer member
test: add testing of udp_rxsz_set() and udp_sockbuf_set()
ci/build: select xcode version 16.2
udp: combine udp_recv_helper() and udp_recv_packet()
test: add support for UDP multicast test
ci: update actions/checkout@v5
uri: remove uri_escape_user()
uri: remove some unused escape functions
test: add support for IPv6 and TURN
test: add support for testing more DTLS-SRTP suites
dtls: remove dtls_set_handlers() -- unused
tls: remove tls_set_certificate_der() -- unused
test: set low MTU in DTLS-test
test: add support for TURN mock-server authentication
tls: tls_set_resumption() -- change const enum to enum
ci/abi: bump old abi
ci/coverage: bump min coverage
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 13 2025 Robert Scheck <[email protected]> 4.1.0-1
- Upgrade to 4.1.0 (#2394384)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2394384 - libre-4.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2394384
[ 2 ] Bug #2394394 - baresip-4.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2394394
--------------------------------------------------------------------------------
================================================================================
podman-tui-1.8.0-2.el9 (FEDORA-EPEL-2025-7f41f3a963)
Podman Terminal User Interface
--------------------------------------------------------------------------------
Update Information:
podman-tui release 1.8.0
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 13 2025 Navid Yaghoobi <[email protected]> - 1.8.0-1
- Release v1.8.0
* Fri Aug 15 2025 Maxwell G <[email protected]> - 1.7.0-3
- Rebuild for golang-1.25.0
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.7.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2391605 - CVE-2025-58058 podman-tui: github.com/ulikunitz/xz leaks
memory [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2391605
[ 2 ] Bug #2391613 - CVE-2025-58058 podman-tui: github.com/ulikunitz/xz leaks
memory [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2391613
[ 3 ] Bug #2391638 - CVE-2025-58058 podman-tui: github.com/ulikunitz/xz leaks
memory [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2391638
[ 4 ] Bug #2391670 - CVE-2025-58058 podman-tui: github.com/ulikunitz/xz leaks
memory [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391670
--------------------------------------------------------------------------------
================================================================================
prometheus-podman-exporter-1.18.1-1.el9 (FEDORA-EPEL-2025-7ecff8a55d)
Prometheus exporter for podman environment
--------------------------------------------------------------------------------
Update Information:
prometheus-podman-exporter v1.18.1
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 13 2025 Navid Yaghoobi <[email protected]> - 1.18.1-1
- Release v1.18.1
* Fri Aug 15 2025 Maxwell G <[email protected]> - 1.17.2-3
- Rebuild for golang-1.25.0
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.17.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2391248 - prometheus-podman-exporter-1.18.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2391248
[ 2 ] Bug #2391606 - CVE-2025-58058 prometheus-podman-exporter:
github.com/ulikunitz/xz leaks memory [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2391606
[ 3 ] Bug #2391614 - CVE-2025-58058 prometheus-podman-exporter:
github.com/ulikunitz/xz leaks memory [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2391614
[ 4 ] Bug #2391639 - CVE-2025-58058 prometheus-podman-exporter:
github.com/ulikunitz/xz leaks memory [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2391639
[ 5 ] Bug #2391671 - CVE-2025-58058 prometheus-podman-exporter:
github.com/ulikunitz/xz leaks memory [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391671
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
