[EPEL-devel] Fedora EPEL 9 updates-testing report

[updates]

The following Fedora EPEL 9 Security updates need testing:
 Age  URL
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-ccbb79f04d   
firebird-4.0.6.3221-1.1.el9
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-432b5609c3   
civetweb-1.16-10.el9
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-353441fbbe   
apptainer-1.4.3-1.el9


The following builds have been pushed to Fedora EPEL 9 updates-testing

    libssh2-1.11.1-1.el9
    python-assertpy-1.1-2.el9
    python-pyxdameraulevenshtein-1.9.0-1.el9
    wordpress-6.8.3-1.el9

Details about builds:


================================================================================
 libssh2-1.11.1-1.el9 (FEDORA-EPEL-2025-c1a3189d11)
 A library implementing the SSH2 protocol
--------------------------------------------------------------------------------
Update Information:

This update, to the current upstream libssh2 release, addresses a couple of
security issues:
CVE-2023-6918 (missing checks for return values for digests)
CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) -
"Terrapin")
It also removes support for a number of legacy algorithms that were disabled by
default or removed from OpenSSH in the 2015-2018 time period. See the
RELEASE_NOTES file for full details.
In addition, there are a large number of bug fixes and enhancements, which again
are described in the RELEASE_NOTES file.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 16 2024 Paul Howarth <p...@city-fan.org> - 1.11.1-1
- Update to 1.11.1 (rhbz#2319104)
  - This is an enhancement and bugfix release - see RELEASE_NOTES for details
  - Note also that various algorithms are now deprecated and not built by
    default, which affects this package
* Sat Jul 27 2024 Paul Howarth <p...@city-fan.org> - 1.11.0-8
- Fix test suite failures with OpenSSH 9.8p1
* Thu Jul 18 2024 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.11.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jul 10 2024 Paul Howarth <p...@city-fan.org> - 1.11.0-6
- Build without OpenSSL ENGINE support from Fedora 41 onwards
* Tue Apr  2 2024 Zhao Jiasheng <jasenc...@gmail.com> - 1.11.0-5
- Fix rpath on riscv64
* Thu Jan 25 2024 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.11.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.11.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.11.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary 
Packet Protocol (BPP)
        https://bugzilla.redhat.com/show_bug.cgi?id=2254210
  [ 2 ] Bug #2254997 - CVE-2023-6918 libssh: Missing checks for return values 
for digests
        https://bugzilla.redhat.com/show_bug.cgi?id=2254997
--------------------------------------------------------------------------------


================================================================================
 python-assertpy-1.1-2.el9 (FEDORA-EPEL-2025-5d0b20b826)
 Simple assertion library for unit testing in Python with a fluent API
--------------------------------------------------------------------------------
Update Information:

Initial package
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 1.1-2
- Backport to EPEL10/EPEL9
* Tue Sep 30 2025 Benjamin A. Beasley <c...@musicinmybrain.net>
- Initial package (close RHBZ#2394794)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2394794 - Review Request: python-assertpy - Simple assertion 
library for unit testing in Python with a fluent API
        https://bugzilla.redhat.com/show_bug.cgi?id=2394794
--------------------------------------------------------------------------------


================================================================================
 python-pyxdameraulevenshtein-1.9.0-1.el9 (FEDORA-EPEL-2025-87507c29d6)
 Damerau-Levenshtein (DL) edit distance algorithm
--------------------------------------------------------------------------------
Update Information:

Update to 1.9.0 (close RHBZ#2400585)
Upstream has officially added Python 3.14 support and dropped Python 3.8
support, but the source code is unchanged.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  1 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 1.9.0-1
- Update to 1.9.0 (close RHBZ#2400585)
* Wed Oct  1 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 1.8.0-2
- Assert that %pyproject_files contains a license file
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2400585 - python-pyxdameraulevenshtein-1.9.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2400585
--------------------------------------------------------------------------------


================================================================================
 wordpress-6.8.3-1.el9 (FEDORA-EPEL-2025-da8bc4aeb5)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

WordPress 6.8.3 Release
Security updates included in this release:
A data exposure issue where authenticated users could access some restricted
content. Independently reported by Mike Nelson, Abu Hurayra, Timothy Jacobs, and
Peter Wilson.
A cross-site scripting (XSS) vulnerability requiring an authenticated user role
that affects the nav menus. Reported by Phill Savage.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  1 2025 Remi Collet <r...@remirepo.net> - 6.8.3-1
- WordPress 6.8.3 Security Release
--------------------------------------------------------------------------------


-- 
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue