The following Fedora EPEL 9 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-aff6264b34
gi-docgen-2025.5-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
chromium-141.0.7390.107-1.el9
fluidsynth-2.4.8-1.el9
jd-core-1.1.3-1.el9
lemonldap-ng-2.22.0-1.el9
perl-YAML-Syck-1.36-1.el9
python-rcssmin-1.2.2-1.el9
rpkg-1.68-9.el9
rust-anyhow-1.0.100-1.el9
rust-stacker-0.1.22-1.el9
rust-tempfile-3.23.0-1.el9
rust-thiserror-2.0.17-1.el9
rust-thiserror-impl-2.0.17-1.el9
rust-toml_datetime-0.7.3-1.el9
rust-toml_parser-1.0.4-1.el9
rust-toml_writer-1.0.4-1.el9
steam-devices-1.0.0.101^git20250927.d3f7cd6-4.el9
Details about builds:
================================================================================
chromium-141.0.7390.107-1.el9 (FEDORA-EPEL-2025-fafce7c4ae)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update 141.0.7390.107
* High CVE-2025-11756: Use after free in Safe Browsing
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 15 2025 Than Ngo <[email protected]> - 141.0.7390.107-1
- Update 141.0.7390.107
* High CVE-2025-11756: Use after free in Safe Browsing
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403507 - CVE-2025-11756 - Update chromium to 141.0.7390.107
[fedora-all, epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2403507
--------------------------------------------------------------------------------
================================================================================
fluidsynth-2.4.8-1.el9 (FEDORA-EPEL-2025-923f477a35)
Real-time software synthesizer
--------------------------------------------------------------------------------
Update Information:
Update to 2.4.8
Fix world writeable /run/lock/fluidsynth
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2025 Christoph Karl <pampelmuse [AT] gmx [DOT] at> - 2.4.8-1
- Update to 2.4.8
- Fix world writeable /run/lock/fluidsynth
--------------------------------------------------------------------------------
================================================================================
jd-core-1.1.3-1.el9 (FEDORA-EPEL-2025-ecbdb92a69)
JD java decompiler library
--------------------------------------------------------------------------------
Update Information:
Merge branch 'rawhide' into epel10
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Jiri Vanek <[email protected]> - 1.1.3-4
- RPMAUTOSPEC: unresolvable merge
--------------------------------------------------------------------------------
================================================================================
lemonldap-ng-2.22.0-1.el9 (FEDORA-EPEL-2025-e029737cf2)
Web Single Sign On (SSO) and Access Management
--------------------------------------------------------------------------------
Update Information:
Update to 2.22.0
See https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/releases/v2.22.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Clement Oudot <[email protected]> - 2.22.0-1
- Update to 2.22.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2404716 - lemonldap-ng-2.22.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2404716
--------------------------------------------------------------------------------
================================================================================
perl-YAML-Syck-1.36-1.el9 (FEDORA-EPEL-2025-9c4456ae83)
Fast, lightweight YAML loader and dumper
--------------------------------------------------------------------------------
Update Information:
This update addresses a flaw in which processing a specially-crafted YAML
document could lead to accessing information outside of the document itself and
hence potential information disclosure.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 11 2025 Paul Howarth <[email protected]> - 1.36-1
- Update to 1.36
- Address memory corruption leading to 'str' value being set on empty keys
* Fri Oct 10 2025 Paul Howarth <[email protected]> - 1.35-1
- Update to 1.35
- Address parsing error related to string detection on read for empty strings
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.34-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jul 7 2025 Jitka Plesnikova <[email protected]> - 1.34-17
- Perl 5.42 rebuild
* Sat Jan 18 2025 Paul Howarth <[email protected]> - 1.34-16
- Build using -std=gnu17 since ancient code does not compile with -std=c23
* Sat Jan 18 2025 Fedora Release Engineering <[email protected]> -
1.34-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
1.34-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jun 10 2024 Jitka Plesnikova <[email protected]> - 1.34-13
- Perl 5.40 rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
1.34-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
1.34-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2404560 - CVE-2025-11683 perl-YAML-Syck: YAML::Syck potential
Information Disclosure [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2404560
--------------------------------------------------------------------------------
================================================================================
python-rcssmin-1.2.2-1.el9 (FEDORA-EPEL-2025-46b8bebe64)
CSS Minifier
--------------------------------------------------------------------------------
Update Information:
rcssmin 1.2.2
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Mattias Ellert <[email protected]> - 1.2.2-1
- Update to version 1.2.2
* Fri Sep 19 2025 Python Maint <[email protected]> - 1.2.0-6
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint <[email protected]> - 1.2.0-5
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.2.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jun 2 2025 Python Maint <[email protected]> - 1.2.0-3
- Rebuilt for Python 3.14
* Sat Jan 18 2025 Fedora Release Engineering <[email protected]> -
1.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Dec 20 2024 Michel Lind <[email protected]> - 1.2.0-1
- Update to version 1.2.0; Fixes: RHBZ#2333581
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
1.1.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jun 7 2024 Python Maint <[email protected]> - 1.1.1-7
- Rebuilt for Python 3.13
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
1.1.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering <[email protected]> -
1.1.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403356 - python-rcssmin-1.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403356
--------------------------------------------------------------------------------
================================================================================
rpkg-1.68-9.el9 (FEDORA-EPEL-2025-ee045b3ac9)
Python library for interacting with rpm+git
--------------------------------------------------------------------------------
Update Information:
Accept auto-generated sources in pre-push checks
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 LubomÃr SedláŠ<[email protected]> - 1.68-9
- Accept auto-generated sources in pre-push checks
* Fri Sep 19 2025 Python Maint <[email protected]> - 1.68-8
- Rebuilt for Python 3.14.0rc3 bytecode
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403510 - rpkg: Teach pre-push check to ignore auto-generated
source files
https://bugzilla.redhat.com/show_bug.cgi?id=2403510
--------------------------------------------------------------------------------
================================================================================
rust-anyhow-1.0.100-1.el9 (FEDORA-EPEL-2025-f53f07fa9b)
Flexible concrete Error type built on std::error::Error
--------------------------------------------------------------------------------
Update Information:
1.0.100
Teach clippy to lint formatting arguments in bail!, ensure!, anyhow!
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Benjamin A. Beasley <[email protected]> - 1.0.100-1
- Update to version 1.0.100; Fixes RHBZ#2396906
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2396906 - rust-anyhow-1.0.100 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2396906
--------------------------------------------------------------------------------
================================================================================
rust-stacker-0.1.22-1.el9 (FEDORA-EPEL-2025-8dbf74a07f)
Stack growth library useful when implementing deeply recursive algorithms
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.22.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Fabio Valentini <[email protected]> - 0.1.22-1
- Update to version 0.1.22; Fixes RHBZ#2401189
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.1.21-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-tempfile-3.23.0-1.el9 (FEDORA-EPEL-2025-e6373bd6e0)
Library for managing temporary files and directories
--------------------------------------------------------------------------------
Update Information:
Update to version 3.23.0.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Fabio Valentini <[email protected]> - 3.23.0-1
- Update to version 3.23.0; Fixes RHBZ#2394110
--------------------------------------------------------------------------------
================================================================================
rust-thiserror-2.0.17-1.el9 (FEDORA-EPEL-2025-45ee3e1d63)
Derive(Error)
--------------------------------------------------------------------------------
Update Information:
thiserror / thiserror-impl 2.0.17
Use differently named __private module per patch release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Benjamin A. Beasley <[email protected]> - 2.0.17-1
- Update to version 2.0.17; Fixes RHBZ#2400023
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400023 - rust-thiserror-2.0.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400023
[ 2 ] Bug #2400024 - rust-thiserror-impl-2.0.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400024
--------------------------------------------------------------------------------
================================================================================
rust-thiserror-impl-2.0.17-1.el9 (FEDORA-EPEL-2025-45ee3e1d63)
Implementation detail of the thiserror crate
--------------------------------------------------------------------------------
Update Information:
thiserror / thiserror-impl 2.0.17
Use differently named __private module per patch release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Benjamin A. Beasley <[email protected]> - 2.0.17-1
- Update to version 2.0.17; Fixes RHBZ#2400024
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400023 - rust-thiserror-2.0.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400023
[ 2 ] Bug #2400024 - rust-thiserror-impl-2.0.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400024
--------------------------------------------------------------------------------
================================================================================
rust-toml_datetime-0.7.3-1.el9 (FEDORA-EPEL-2025-7d948eab9f)
TOML-compatible datetime type
--------------------------------------------------------------------------------
Update Information:
Update to version 0.7.3.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Fabio Valentini <[email protected]> - 0.7.3-1
- Update to version 0.7.3; Fixes RHBZ#2395462
--------------------------------------------------------------------------------
================================================================================
rust-toml_parser-1.0.4-1.el9 (FEDORA-EPEL-2025-fd5ade1ff3)
Yet another format-preserving TOML parser
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.4.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Fabio Valentini <[email protected]> - 1.0.4-1
- Update to version 1.0.4; Fixes RHBZ#2396580
--------------------------------------------------------------------------------
================================================================================
rust-toml_writer-1.0.4-1.el9 (FEDORA-EPEL-2025-1ea32961df)
Low-level interface for writing out TOML
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.4.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Fabio Valentini <[email protected]> - 1.0.4-1
- Update to version 1.0.4; Fixes RHBZ#2396581
--------------------------------------------------------------------------------
================================================================================
steam-devices-1.0.0.101^git20250927.d3f7cd6-4.el9 (FEDORA-EPEL-2025-84ef270e2e)
Device support for Steam-related hardware
--------------------------------------------------------------------------------
Update Information:
Update to latest snapshot.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Simone Caronni <[email protected]> -
1.0.0.101^git20250927.d3f7cd6-4
- Update to latest snapshot.
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.0.0.101^git20240522.e2971e4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
