The following Fedora EPEL 10.2 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e4aece27a1
nextcloud-31.0.9-1.el10_2
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-c6fbad96c4
python-nh3-0.2.21-2.el10_2 rust-ammonia-4.0.1-1.el10_2
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-7209d59fc3
dnsdist-2.0.1-1.el10_2
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-74dfc689e4
bird-3.1.4-1.el10_2
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-37d065cdf4
rust-astral-tokio-tar-0.5.5-1.el10_2 uv-0.8.11-4.el10_2
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-c693c72050
mupdf-1.25.4-3.el10_2
The following builds have been pushed to Fedora EPEL 10.2 updates-testing
bpfilter-0.6.0-1.el10_2
chromium-140.0.7339.207-1.el10_2
radicale-3.5.7-1.el10_2
Details about builds:
================================================================================
bpfilter-0.6.0-1.el10_2 (FEDORA-EPEL-2025-b90d251473)
BPF-based packet filtering framework
--------------------------------------------------------------------------------
Update Information:
Release v0.6.0
Changelog: https://github.com/facebook/bpfilter/releases/tag/v0.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 26 2025 Quentin Deslandes <[email protected]> - 0.6.0-1
- Release 0.6.0
--------------------------------------------------------------------------------
================================================================================
chromium-140.0.7339.207-1.el10_2 (FEDORA-EPEL-2025-e5b8017942)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to 140.0.7339.207
* CVE-2025-10890: Side-channel information leakage in V8
* CVE-2025-10891: Integer overflow in V8
* CVE-2025-10892: Integer overflow in V8
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Than Ngo <[email protected]> - 140.0.7339.207-1
- Update to 140.0.7339.207
* CVE-2025-10890: Side-channel information leakage in V8
* CVE-2025-10891: Integer overflow in V8
* CVE-2025-10892: Integer overflow in V8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2397768 - CVE-2025-10890, CVE-2025-10891, CVE-2025-10892 -
chromium: Side-channel information leakage and Ingter overflow in V8
[epel-9/10l]
https://bugzilla.redhat.com/show_bug.cgi?id=2397768
[ 2 ] Bug #2398151 - chromium FTBFS - error: undefined symbol:
__rust_no_alloc_shim_is_unstable
https://bugzilla.redhat.com/show_bug.cgi?id=2398151
--------------------------------------------------------------------------------
================================================================================
radicale-3.5.7-1.el10_2 (FEDORA-EPEL-2025-affe5cc2fc)
A simple CalDAV (calendar) and CardDAV (contact) server
--------------------------------------------------------------------------------
Update Information:
Update to 3.5.7
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 27 2025 Peter Bieringer <[email protected]> - 3.5.7-1
- Update to 3.5.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2399890 - radicale-3.5.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2399890
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
