The following Fedora EPEL 9 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-432b5609c3
civetweb-1.16-10.el9
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-353441fbbe
apptainer-1.4.3-1.el9
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-fa10429956
turbo-attack-0.1.0-2.el9
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-da8bc4aeb5
wordpress-6.8.3-1.el9
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-c1a3189d11
libssh2-1.11.1-1.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-f007c8e719
log4cxx-1.5.0-1.el9
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-bff0433d38
chromium-141.0.7390.54-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
python-colcon-core-0.20.1-1.el9
python-colcon-meson-0.5.0-1.el9
python-specfile-0.37.1-1.el9
rust-onefetch-2.25.0-6.el9
rust-tokei-13.0.0~alpha.9-1.el9
rust-tokei12-12.1.2-23.el9
valkey-8.0.6-1.el9
Details about builds:
================================================================================
python-colcon-core-0.20.1-1.el9 (FEDORA-EPEL-2025-be252462f7)
Command line tool to build sets of software packages
--------------------------------------------------------------------------------
Update Information:
Update to colcon-core 0.20.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 6 2025 Scott K Logan <[email protected]> - 0.20.1-1
- Update to 0.20.1 (rhbz#2384195)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2384195 - python-colcon-core-0.20.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2384195
--------------------------------------------------------------------------------
================================================================================
python-colcon-meson-0.5.0-1.el9 (FEDORA-EPEL-2025-50878835f2)
Extension for colcon to support Meson packages
--------------------------------------------------------------------------------
Update Information:
Update to colcon-meson 0.5.0
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 27 2025 Scott K Logan <[email protected]> - 0.5.0-1
- Update to 0.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2368744 - python-colcon-meson fails to build with Meson 1.8.0:
test_capital_case: TypeError: InterpreterBase.__init__() missing 2 required
positional arguments: 'subproject_dir' and 'env'
https://bugzilla.redhat.com/show_bug.cgi?id=2368744
--------------------------------------------------------------------------------
================================================================================
python-specfile-0.37.1-1.el9 (FEDORA-EPEL-2025-7210fcfa8b)
A library for parsing and manipulating RPM spec files
--------------------------------------------------------------------------------
Update Information:
Automatic update for python-specfile-0.37.1-1.el9.
Changelog for python-specfile
* Fri Oct 03 2025 Packit <[email protected]> - 0.37.1-1
- We have solved a FutureWarning in our codebase. (#485)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 3 2025 Packit <[email protected]> - 0.37.1-1
- We have solved a FutureWarning in our codebase. (#485)
--------------------------------------------------------------------------------
================================================================================
rust-onefetch-2.25.0-6.el9 (FEDORA-EPEL-2025-8ba8834520)
Command-line Git information tool
--------------------------------------------------------------------------------
Update Information:
Update rust-tokei to 13.0.0~alpha.9, with minor enhancements. Update the License
expression for onefetch, and ship only the CLI tool, not the unused Rust
library. Build rust-tokei12 with rust-aho-corasick 1.x.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 5 2025 Benjamin A. Beasley <[email protected]> - 2.25.0-6
- No longer package the library, only the application
* Sun Oct 5 2025 Benjamin A. Beasley <[email protected]> - 2.25.0-5
- Rebuild with tokei 13.0.0-alpha.9 and update License expression
--------------------------------------------------------------------------------
================================================================================
rust-tokei-13.0.0~alpha.9-1.el9 (FEDORA-EPEL-2025-8ba8834520)
Count your code, quickly
--------------------------------------------------------------------------------
Update Information:
Update rust-tokei to 13.0.0~alpha.9, with minor enhancements. Update the License
expression for onefetch, and ship only the CLI tool, not the unused Rust
library. Build rust-tokei12 with rust-aho-corasick 1.x.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 5 2025 Benjamin A. Beasley <[email protected]> -
13.0.0~alpha.9-1
- Update to version 13.0.0~alpha.9
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
13.0.0~alpha.8-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue May 13 2025 Benjamin A. Beasley <[email protected]> -
13.0.0~alpha.8-22
- Remove no-longer-necessary .rpmlintrc file
* Mon Apr 14 2025 Benjamin A. Beasley <[email protected]> -
13.0.0~alpha.8-21
- Update etcetera to 0.10
--------------------------------------------------------------------------------
================================================================================
rust-tokei12-12.1.2-23.el9 (FEDORA-EPEL-2025-8ba8834520)
Count your code, quickly
--------------------------------------------------------------------------------
Update Information:
Update rust-tokei to 13.0.0~alpha.9, with minor enhancements. Update the License
expression for onefetch, and ship only the CLI tool, not the unused Rust
library. Build rust-tokei12 with rust-aho-corasick 1.x.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 6 2025 Benjamin A. Beasley <[email protected]> - 12.1.2-23
- Update aho-corasick dependency to 1.0
- Fixes RHBZ#2401780
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
12.1.2-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue May 13 2025 Benjamin A. Beasley <[email protected]> - 12.1.2-21
- Update .rpmlintrc file for current rpmlint
--------------------------------------------------------------------------------
================================================================================
valkey-8.0.6-1.el9 (FEDORA-EPEL-2025-115d3a5484)
A persistent key-value database
--------------------------------------------------------------------------------
Update Information:
Valkey 8.0.6 - Released Fri 03 October 2025
Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.
Security fixes
CVE-2025-49844 A Lua script may lead to remote code execution
CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
CVE-2025-46818 A Lua script can be executed in the context of another user
CVE-2025-46819 LUA out-of-bound read
Bug fixes
Fix accounting for dual channel RDB bytes in replication stats (#2616)
Minor fix for dual rdb channel connection conn error log (#2658)
Fix unsigned difference expression compared to zero (#2101)
Valkey 8.0.5 - Released Thu 22 Aug 2025
Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.
Bug fixes
Fix clients remaining blocked when reprocessing commands after certain
blocking operations (#2109)
Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
Fix potential memory leak by ensuring module context is freed when aux_save2
callback writes no data (#2132)
Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients
(#2117)
Fix missing NULL check on SSL_new() when creating outgoing TLS connections
(#2140)
Fix incorrect casting of ping extension lengths to prevent silent packet drops
(#2144)
Fix replica failover stall due to outdated config epoch (#2178)
Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after
dynamic config change (#2186)
Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
Fix client tracking memory overhead calculation (#2360)
Handle divergent shard-id from nodes.conf and reconcile to the primary node's
shard-id (#2174)
Fix pre-size hashtables per slot when reading RDB files (#2466)
Behavior changes
Trigger election immediately during a forced manual failover (CLUSTER
FAILOVER FORCE) to avoid delay (#1067)
Reset ongoing election state when initiating a new manual failover (#1274)
Logging and Tooling Improvements
Add support to drop all cluster packets (#1252)
Improve log clarity in failover auth denial message (#1341)
Security fixes
CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject
paths longer than PATH_MAX (#2146)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Remi Collet <[email protected]> - 8.0.6-1
- update to 8.0.6
fixes CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 and CVE-2025-46819
- update documentation to 8.0.5
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
