The following Fedora EPEL 9 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e1e7d2cc95
bird-3.1.4-1.el9
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9a865f57f7
dnsdist-1.9.11-1.el9
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-ccbb79f04d
firebird-4.0.6.3221-1.1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
apptainer-1.4.3-1.el9
civetweb-1.16-10.el9
clifm-1.26.3-1.el9
ganglia-3.7.2-62.el9
java-latest-openjdk-25.0.0.0.36-0.3.el9
postgresql16-anonymizer-2.4.1-3.el9
python-cucumber-expressions-18.0.1-2.el9
rust-moka-0.12.11-4.el9
rust-munge-0.4.7-1.el9
rust-munge_macro-0.4.7-1.el9
rust-rancor-0.1.1-1.el9
Details about builds:
================================================================================
apptainer-1.4.3-1.el9 (FEDORA-EPEL-2025-353441fbbe)
Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.4.3, fix CVE-2025-58058
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Dave Dykstra <[email protected]> - 1.4.3
- Update to upstream 1.4.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2391600 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2391600
[ 2 ] Bug #2391608 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2391608
[ 3 ] Bug #2391610 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2391610
[ 4 ] Bug #2391617 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2391617
[ 5 ] Bug #2391646 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391646
[ 6 ] Bug #2398283 - CVE-2025-47910 apptainer: CrossOriginProtection bypass
in net/http [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2398283
[ 7 ] Bug #2398318 - CVE-2025-47910 apptainer: CrossOriginProtection bypass
in net/http [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2398318
[ 8 ] Bug #2398338 - CVE-2025-47910 apptainer: CrossOriginProtection bypass
in net/http [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2398338
[ 9 ] Bug #2400161 - apptainer-1.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400161
--------------------------------------------------------------------------------
================================================================================
civetweb-1.16-10.el9 (FEDORA-EPEL-2025-432b5609c3)
Embedded C/C++ web server
--------------------------------------------------------------------------------
Update Information:
civetweb-1.16, rhbz#2400164
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 1.16-9
- civetweb 1.16, rhbz#2400164
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400164 - CVE-2025-9648 civetweb: Denial of Service in CivetWeb
[epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2400164
--------------------------------------------------------------------------------
================================================================================
clifm-1.26.3-1.el9 (FEDORA-EPEL-2025-91d7bbc6c0)
Shell-like, command line terminal file manager
--------------------------------------------------------------------------------
Update Information:
update to 1.26.3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Jonathan Wright <[email protected]> - 1.26.3-1
- update to 1.26.3 rhbz#2400032
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> - 1.26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
ganglia-3.7.2-62.el9 (FEDORA-EPEL-2025-1e89f443b0)
Distributed Monitoring System
--------------------------------------------------------------------------------
Update Information:
Fix TZ issue in web subpackage and add epel10 support.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Terje Rosten <[email protected]> - 3.7.2-62
- Some refactoring
* Sun Sep 28 2025 Terje Rosten <[email protected]> - 3.7.2-61
- Port to epel10
- Add TZ patches
- Remove legacy libart_lgpl-devel buildreq
- Fix URL
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> -
3.7.2-60
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jun 2 2025 Python Maint <[email protected]> - 3.7.2-59
- Rebuilt for Python 3.14
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2370959 - Request to build ganglia for EPEL10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2370959
--------------------------------------------------------------------------------
================================================================================
java-latest-openjdk-25.0.0.0.36-0.3.el9 (FEDORA-EPEL-2025-adb7f36d3a)
OpenJDK 25 Runtime Environment
--------------------------------------------------------------------------------
Update Information:
bumped laates to 25 and aligned 25 to be more compatible with lates when on same
version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Jiri Vanek <[email protected]> - 1:25.0.0.0.36-4
- RPMAUTOSPEC: unresolvable merge
--------------------------------------------------------------------------------
================================================================================
postgresql16-anonymizer-2.4.1-3.el9 (FEDORA-EPEL-2025-2c5c2c95fd)
Mask or replace personally identifiable information (PII) or sensitive data
--------------------------------------------------------------------------------
Update Information:
From the upstream changelog:
Introduce Selective Masking
Introduce new shift/xor functions
Prevent masked users from brute forcing the pseudonymizing functions
Remove search_path spec in anonymize_database()
Otherwise:
Enabled ppc64le builds as they now work
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Petr Khartskhaev <[email protected]> - 2.4.1-3
- RPMAUTOSPEC: unresolvable merge
--------------------------------------------------------------------------------
================================================================================
python-cucumber-expressions-18.0.1-2.el9 (FEDORA-EPEL-2025-6b5ccc6d1e)
Cucumber Expressions - a simpler alternative to Regular Expressions
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 18.0.1-2
- Backport to EPEL10/EPEL9
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]>
- Initial package (close RHBZ#2394793)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2394793 - Review Request: python-cucumber-expressions - Cucumber
Expressions - a simpler alternative to Regular Expressions
https://bugzilla.redhat.com/show_bug.cgi?id=2394793
--------------------------------------------------------------------------------
================================================================================
rust-moka-0.12.11-4.el9 (FEDORA-EPEL-2025-59dbe62001)
Fast and concurrent cache library inspired by Java Caffeine
--------------------------------------------------------------------------------
Update Information:
Update to version 0.12.11
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.12.11-4
- Fix upstream bug link
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.12.11-3
- Report ensure_gc_runs_when_dropping_cache flakes upstream
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.12.11-2
- Still skip ensure_gc_runs_when_dropping_cache
* Wed Sep 24 2025 Benjamin A. Beasley <[email protected]> - 0.12.11-1
- Update to version 0.12.11; Fixes RHBZ#2397637
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2397637 - rust-moka-0.12.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2397637
--------------------------------------------------------------------------------
================================================================================
rust-munge-0.4.7-1.el9 (FEDORA-EPEL-2025-1f28ad7cb7)
Macro for custom destructuring
--------------------------------------------------------------------------------
Update Information:
Update munge/munge_macro to 0.4.7. These releases contain trivial source-code
changes to support an upstream CI fix.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.4.7-1
- Update to version 0.4.7; Fix RHBZ#2400134
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400134 - rust-munge-0.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400134
[ 2 ] Bug #2400135 - rust-munge_macro-0.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400135
--------------------------------------------------------------------------------
================================================================================
rust-munge_macro-0.4.7-1.el9 (FEDORA-EPEL-2025-1f28ad7cb7)
Macro for custom destructuring
--------------------------------------------------------------------------------
Update Information:
Update munge/munge_macro to 0.4.7. These releases contain trivial source-code
changes to support an upstream CI fix.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.4.7-1
- Update to version 0.4.7; Fix RHBZ#2400135
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400134 - rust-munge-0.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400134
[ 2 ] Bug #2400135 - rust-munge_macro-0.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400135
--------------------------------------------------------------------------------
================================================================================
rust-rancor-0.1.1-1.el9 (FEDORA-EPEL-2025-c015d12a59)
Scalable and efficient error handling without type composition
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.1; Fixes RHBZ#2400154
This update contains only a trivial source change as part of an upstream CI fix.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.1.1-1
- Update to version 0.1.1; Fixes RHBZ#2400154
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue May 13 2025 Benjamin A. Beasley <[email protected]> - 0.1.0-4
- Re-generate with rust2rpm 27
* Tue May 13 2025 Benjamin A. Beasley <[email protected]> - 0.1.0-3
- Remove no-longer-necessary .rpmlintrc file
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400154 - rust-rancor-0.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400154
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
