The following Fedora EPEL 10.2 Security updates need testing:
Age URL
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e4aece27a1
nextcloud-31.0.9-1.el10_2
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-c6fbad96c4
python-nh3-0.2.21-2.el10_2 rust-ammonia-4.0.1-1.el10_2
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-7209d59fc3
dnsdist-2.0.1-1.el10_2
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-74dfc689e4
bird-3.1.4-1.el10_2
The following builds have been pushed to Fedora EPEL 10.2 updates-testing
NetworkManager-openvpn-1.12.3-1.el10_2
auter-1.0.0-16.el10_2
bgpq3-0.1.38-1.el10_2
hatch-1.14.2-1.el10_2
libmediainfo-25.07-1.el10_2
mediainfo-25.07-1.el10_2
ruff-0.11.13-4.el10_2
rust-astral-tokio-tar-0.5.5-1.el10_2
rust-jod-thread-1.0.0-1.el10_2
supernovas-1.4.2-2.el10_2
tmt-1.58.0-1.el10_2
uv-0.8.11-4.el10_2
Details about builds:
================================================================================
NetworkManager-openvpn-1.12.3-1.el10_2 (FEDORA-EPEL-2025-2b7a5f3344)
NetworkManager VPN plugin for OpenVPN
--------------------------------------------------------------------------------
Update Information:
Update to 1.12.3 release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Ãñigo Huguet <[email protected]> - 1:1.12.3-1
- Update to 1.12.3 release
--------------------------------------------------------------------------------
================================================================================
auter-1.0.0-16.el10_2 (FEDORA-EPEL-2025-24580d5eee)
Prepare and apply updates
--------------------------------------------------------------------------------
Update Information:
Initial package for EPEL 10.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> -
1.0.0-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> -
1.0.0-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Jul 24 2024 Miroslav Suchý <[email protected]> - 1.0.0-14
- convert license to SPDX
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> -
1.0.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering <[email protected]> -
1.0.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> -
1.0.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2374346 - Please branch and build auter in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2374346
--------------------------------------------------------------------------------
================================================================================
bgpq3-0.1.38-1.el10_2 (FEDORA-EPEL-2025-54545b29a3)
Automate BGP filter generation based on routing database information
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release v 0.1.38
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Bennie Joubert <[email protected]> - 0.1.38-1
- Update to latest upstream release v 0.1.38
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> -
0.1.36.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> -
0.1.36.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Aug 28 2024 Miroslav Suchý <[email protected]> - 0.1.36.1-9
- convert license to SPDX
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> -
0.1.36.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jan 23 2024 Fedora Release Engineering <[email protected]> -
0.1.36.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> -
0.1.36.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2365559 - bgpq3-0.1.38 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2365559
--------------------------------------------------------------------------------
================================================================================
hatch-1.14.2-1.el10_2 (FEDORA-EPEL-2025-0c28db23fa)
A modern project, package, and virtual env manager
--------------------------------------------------------------------------------
Update Information:
1.14.2 - 2025-09-24
Fixed:
Fix compatibility with recent versions of Click
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Benjamin A. Beasley <[email protected]> - 1.14.2-1
- Update to 1.14.2 (close RHBZ#2397757)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2397757 - hatch-1.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2397757
--------------------------------------------------------------------------------
================================================================================
libmediainfo-25.07-1.el10_2 (FEDORA-EPEL-2025-34d0003ee2)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update to 25.07.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Vasiliy Glazov <[email protected]> - 25.07-1
- Update to 25.07
* Sat Aug 23 2025 Benjamin A. Beasley <[email protected]> - 25.04-3
- Rebuilt for tinyxml2 11.0.0
* Thu Jul 24 2025 Fedora Release Engineering <[email protected]> -
25.04-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2364062 - [abrt] mediainfo-qt: socket_send(): mediainfo-qt killed
by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=2364062
[ 2 ] Bug #2381257 - libmediainfo: FTBFS with change proposal CMake drop
non-standard variables
https://bugzilla.redhat.com/show_bug.cgi?id=2381257
--------------------------------------------------------------------------------
================================================================================
mediainfo-25.07-1.el10_2 (FEDORA-EPEL-2025-34d0003ee2)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to 25.07.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Vasiliy Glazov <[email protected]> - 25.07-1
- Update to 25.07
* Thu Jul 24 2025 Fedora Release Engineering <[email protected]> -
25.04-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2364062 - [abrt] mediainfo-qt: socket_send(): mediainfo-qt killed
by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=2364062
[ 2 ] Bug #2381257 - libmediainfo: FTBFS with change proposal CMake drop
non-standard variables
https://bugzilla.redhat.com/show_bug.cgi?id=2381257
--------------------------------------------------------------------------------
================================================================================
ruff-0.11.13-4.el10_2 (FEDORA-EPEL-2025-d8a5044594)
Extremely fast Python linter and code formatter
--------------------------------------------------------------------------------
Update Information:
Update Ruff to 0.11.13.
https://github.com/astral-sh/ruff/releases/tag/0.11.13
https://github.com/astral-sh/ruff/releases/tag/0.11.12
https://github.com/astral-sh/ruff/releases/tag/0.11.11
https://github.com/astral-sh/ruff/releases/tag/0.11.10
https://github.com/astral-sh/ruff/releases/tag/0.11.9
https://github.com/astral-sh/ruff/releases/tag/0.11.8
https://github.com/astral-sh/ruff/releases/tag/0.11.7
https://github.com/astral-sh/ruff/releases/tag/0.11.6
Update rust-jod-thread to 1.0.0.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 23 2025 Benjamin A. Beasley <[email protected]> - 0.11.13-4
- Patch `find_ruff_bin()` to find the system-wide ruff executable
* Tue Sep 23 2025 Benjamin A. Beasley <[email protected]> - 0.11.13-3
- Flaky salsa tests are flaky on ppc64le, too
* Sun Sep 21 2025 Benjamin A. Beasley <[email protected]> - 0.11.13-2
- No longer allow older versions of jod-thread
* Sat Sep 20 2025 Benjamin A. Beasley <[email protected]> - 0.11.13-1
- Update to 0.11.13
* Sat Sep 20 2025 Benjamin A. Beasley <[email protected]> - 0.11.12-1
- Update to 0.11.12
* Sat Sep 20 2025 Benjamin A. Beasley <[email protected]> - 0.11.11-1
- Update to 0.11.11
* Sat Sep 20 2025 Benjamin A. Beasley <[email protected]> - 0.11.10-1
- Update to 0.11.10
* Sat Sep 20 2025 Benjamin A. Beasley <[email protected]> - 0.11.9-5
- Skip additional related flaky tests in salsa on s390x
* Sat Sep 20 2025 Benjamin A. Beasley <[email protected]> - 0.11.9-4
- Remove bundled, pre-compiled mermaid.js to prove it is unused
* Sat Sep 20 2025 Benjamin A. Beasley <[email protected]> - 0.11.9-3
- Validate hashes/versons in %prep so that mismatches are detected quickly
* Sat Sep 20 2025 Benjamin A. Beasley <[email protected]> - 0.11.9-2
- Validate salsa version against source
* Sat Sep 20 2025 Benjamin A. Beasley <[email protected]> - 0.11.9-1
- Update to 0.11.9
* Sat Sep 20 2025 Benjamin A. Beasley <[email protected]> - 0.11.8-3
- No longer limit the number of test threads
* Sat Sep 20 2025 Benjamin A. Beasley <[email protected]> - 0.11.8-2
- No longer need to skip
generate_cli_help::tests::test_generate_json_schema
* Sat Sep 20 2025 Benjamin A. Beasley <[email protected]> - 0.11.8-1
- Update to 0.11.8
* Sat Sep 20 2025 Benjamin A. Beasley <[email protected]> - 0.11.7-1
- Update to 0.11.7
* Sat Sep 20 2025 Benjamin A. Beasley <[email protected]> - 0.11.6-1
- Update to 0.11.6
* Sat Sep 20 2025 Benjamin A. Beasley <[email protected]> - 0.11.5-9
- Update packaging style to parallel that of uv
- Package CHANGELOG.md as documentation; do not package CODE_OF_CONDUCT.md
or CONTRIBUTING.md since they pertain to upstream development
- Split out the importable Python module into a separate python3-ruff
subpackage
- Follow upstream in using the jemalloc allocator
* Fri Sep 19 2025 Python Maint <[email protected]> - 0.11.5-8
- Rebuilt for Python 3.14.0rc3 bytecode
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2356191 - rust-jod-thread-1.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2356191
--------------------------------------------------------------------------------
================================================================================
rust-astral-tokio-tar-0.5.5-1.el10_2 (FEDORA-EPEL-2025-37d065cdf4)
Rust implementation of an async TAR file reader and writer
--------------------------------------------------------------------------------
Update Information:
Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Benjamin A. Beasley <[email protected]> - 0.5.5-1
- Update to version 0.5.5; fixes RHBZ#2397644
- Security fix for CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2397714 - CVE-2025-59825 rust-astral-tokio-tar: astral-tokio-tar
path traversal [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2397714
[ 2 ] Bug #2397715 - CVE-2025-59825 uv: astral-tokio-tar path traversal
[epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2397715
--------------------------------------------------------------------------------
================================================================================
rust-jod-thread-1.0.0-1.el10_2 (FEDORA-EPEL-2025-d8a5044594)
Std::thread which joins on drop by default
--------------------------------------------------------------------------------
Update Information:
Update Ruff to 0.11.13.
https://github.com/astral-sh/ruff/releases/tag/0.11.13
https://github.com/astral-sh/ruff/releases/tag/0.11.12
https://github.com/astral-sh/ruff/releases/tag/0.11.11
https://github.com/astral-sh/ruff/releases/tag/0.11.10
https://github.com/astral-sh/ruff/releases/tag/0.11.9
https://github.com/astral-sh/ruff/releases/tag/0.11.8
https://github.com/astral-sh/ruff/releases/tag/0.11.7
https://github.com/astral-sh/ruff/releases/tag/0.11.6
Update rust-jod-thread to 1.0.0.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 19 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Update to version 1.0.0; Fixes RHBZ#2356191
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.1.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2356191 - rust-jod-thread-1.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2356191
--------------------------------------------------------------------------------
================================================================================
supernovas-1.4.2-2.el10_2 (FEDORA-EPEL-2025-5f42990a97)
The Naval Observatory's NOVAS C astronomy library, made better
--------------------------------------------------------------------------------
Update Information:
solsys1 / solsys2 sub-packages to work with future core package also.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Attila Kovacs <[email protected]> - 1.4.2-2
- solsys1 / solsys2 sub-packages to work with future core package also.
--------------------------------------------------------------------------------
================================================================================
tmt-1.58.0-1.el10_2 (FEDORA-EPEL-2025-711d4ba3fc)
Test Management Tool
--------------------------------------------------------------------------------
Update Information:
Automatic update for tmt-1.58.0-1.el10_2.
Changelog for tmt
* Wed Sep 24 2025 Packit <[email protected]> - 1.58.0-1
- Update to version 1.58.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Packit <[email protected]> - 1.58.0-1
- Update to version 1.58.0
--------------------------------------------------------------------------------
================================================================================
uv-0.8.11-4.el10_2 (FEDORA-EPEL-2025-37d065cdf4)
An extremely fast Python package installer and resolver, written in Rust
--------------------------------------------------------------------------------
Update Information:
Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Benjamin A. Beasley <[email protected]> - 0.8.11-4
- Rebuilt with astral-tokio-tar version 0.5.5
- Security fix for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv
* Fri Sep 19 2025 Python Maint <[email protected]> - 0.8.11-3
- Rebuilt for Python 3.14.0rc3 bytecode
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2397714 - CVE-2025-59825 rust-astral-tokio-tar: astral-tokio-tar
path traversal [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2397714
[ 2 ] Bug #2397715 - CVE-2025-59825 uv: astral-tokio-tar path traversal
[epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2397715
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
