The following Fedora EPEL 10.2 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-c6fbad96c4
python-nh3-0.2.21-2.el10_2 rust-ammonia-4.0.1-1.el10_2
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-7209d59fc3
dnsdist-2.0.1-1.el10_2
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-74dfc689e4
bird-3.1.4-1.el10_2
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-37d065cdf4
rust-astral-tokio-tar-0.5.5-1.el10_2 uv-0.8.11-4.el10_2
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-c693c72050
mupdf-1.25.4-3.el10_2
The following builds have been pushed to Fedora EPEL 10.2 updates-testing
apptainer-1.4.3-1.el10_2
civetweb-1.16-10.el10_2
clifm-1.26.3-1.el10_2
cowsay-3.8.4-3.el10_2
ganglia-3.7.2-62.el10_2
perl-GooCanvas2-0.06-23.el10_2
perl-Gtk3-0.038-18.el10_2
python-cucumber-tag-expressions-6.2.0-2.el10_2
python-gitlab-6.4.0-1.el10_2
ramalama-0.12.3-1.el10_2
rust-munge-0.4.7-1.el10_2
rust-munge_macro-0.4.7-1.el10_2
rust-rancor-0.1.1-1.el10_2
Details about builds:
================================================================================
apptainer-1.4.3-1.el10_2 (FEDORA-EPEL-2025-8e4a1e1aa8)
Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.4.3, fix CVE-2025-58058
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Dave Dykstra <[email protected]> - 1.4.3
- Update to upstream 1.4.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2391600 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2391600
[ 2 ] Bug #2391608 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2391608
[ 3 ] Bug #2391610 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2391610
[ 4 ] Bug #2391617 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2391617
[ 5 ] Bug #2391646 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391646
[ 6 ] Bug #2398283 - CVE-2025-47910 apptainer: CrossOriginProtection bypass
in net/http [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2398283
[ 7 ] Bug #2398318 - CVE-2025-47910 apptainer: CrossOriginProtection bypass
in net/http [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2398318
[ 8 ] Bug #2398338 - CVE-2025-47910 apptainer: CrossOriginProtection bypass
in net/http [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2398338
[ 9 ] Bug #2400161 - apptainer-1.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400161
--------------------------------------------------------------------------------
================================================================================
civetweb-1.16-10.el10_2 (FEDORA-EPEL-2025-d7b9142939)
Embedded C/C++ web server
--------------------------------------------------------------------------------
Update Information:
civetweb-1.16, rhbz#2400162
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 1.16-10
- civetweb 1.16, rhbz#2400162
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400162 - CVE-2025-9648 civetweb: Denial of Service in CivetWeb
[epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2400162
--------------------------------------------------------------------------------
================================================================================
clifm-1.26.3-1.el10_2 (FEDORA-EPEL-2025-5f80e3f2db)
Shell-like, command line terminal file manager
--------------------------------------------------------------------------------
Update Information:
update to 1.26.3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Jonathan Wright <[email protected]> - 1.26.3-1
- update to 1.26.3 rhbz#2400032
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> - 1.26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
cowsay-3.8.4-3.el10_2 (FEDORA-EPEL-2025-afe1180443)
Configurable speaking/thinking cow
--------------------------------------------------------------------------------
Update Information:
Initial EL-10 build
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> -
3.8.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> -
3.8.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Dec 2 2024 Gwyn Ciesla <[email protected]> - 3.8.4-1
- 3.8.4
* Thu Aug 22 2024 Gwyn Ciesla <[email protected]> - 3.8.3-1
- 3.8.3
* Tue Aug 20 2024 Gwyn Ciesla <[email protected]> - 3.8.2-1
- 3.8.2
* Thu Aug 8 2024 Hans Ulrich Niedermann <[email protected]> - 3.8.1-2
- Install CHANGELOG.md doc file
* Thu Aug 8 2024 Gwyn Ciesla <[email protected]> - 3.8.1-1
- 3.8.1
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> -
3.7.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Mar 18 2024 Gwyn Ciesla <[email protected]> - 3.7.0-13
- BR fix for bash-completion
* Wed Jan 24 2024 Fedora Release Engineering <[email protected]> -
3.7.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> -
3.7.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 18 2024 Perry Myers <[email protected]> - 3.7.0-10
- Remove some additional tasteless content missed before
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2399885 - Please branch and build cowsay in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2399885
--------------------------------------------------------------------------------
================================================================================
ganglia-3.7.2-62.el10_2 (FEDORA-EPEL-2025-b4305a1fe6)
Distributed Monitoring System
--------------------------------------------------------------------------------
Update Information:
Fix TZ issue in web subpackage and add epel10 support.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Terje Rosten <[email protected]> - 3.7.2-62
- Some refactoring
* Sun Sep 28 2025 Terje Rosten <[email protected]> - 3.7.2-61
- Port to epel10
- Add TZ patches
- Remove legacy libart_lgpl-devel buildreq
- Fix URL
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> -
3.7.2-60
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jun 2 2025 Python Maint <[email protected]> - 3.7.2-59
- Rebuilt for Python 3.14
* Sat Apr 5 2025 Terje Rosten <[email protected]> - 3.7.2-58
- Follow PHP quote rules
* Sat Mar 29 2025 Terje Rosten <[email protected]> - 3.7.2-57
- Use sysusers on FC43+
- Fix changelog
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> -
3.7.2-56
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Nov 4 2024 Terje Rosten <[email protected]> - 3.7.2-55
- Add forgotten int() conversion patch
* Tue Oct 15 2024 Terje Rosten <[email protected]> - 3.7.2-54
- Various fixes to improve Python 3 support
- Add back regex support on Fedora (patch from Debian, thanks!)
* Sat Sep 28 2024 Terje Rosten <[email protected]> - 3.7.2-53
- Add patch to improve compat with PHP 8
* Wed Aug 28 2024 Miroslav Suchý <[email protected]> - 3.7.2-52
- convert license to SPDX
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> -
3.7.2-51
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jun 24 2024 Terje Rosten <[email protected]> - 3.7.2-50
- Various fixes to add Python 3 support for Fedora 40+
* Tue Jun 11 2024 Tom Crane <[email protected]> - 3.7.2-49
- Update gmond for Python3 modules support
* Sun Mar 10 2024 Terje Rosten <[email protected]> - 3.7.2-48
- Update to commit 185ab6b
* Sun Mar 3 2024 Terje Rosten <[email protected]> - 3.7.2-47
- Add more PHP8 patches
* Sat Feb 24 2024 Terje Rosten <[email protected]> - 3.7.2-46
- Upgrade to ganglia web 3.7.6
* Mon Feb 5 2024 Terje Rosten <[email protected]> - 3.7.2-45
- Fix GCC 14 issue
* Wed Jan 24 2024 Fedora Release Engineering <[email protected]> -
3.7.2-44
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> -
3.7.2-43
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2370959 - Request to build ganglia for EPEL10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2370959
--------------------------------------------------------------------------------
================================================================================
perl-GooCanvas2-0.06-23.el10_2 (FEDORA-EPEL-2025-a92a01c3f1)
Perl binding for GooCanvas2 widget using Glib::Object::Introspection
--------------------------------------------------------------------------------
Update Information:
This update brings a new perl-GooCanvas2 package, a Perl binding to GooCanvas2
GTK widget.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.06-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat Jan 18 2025 Fedora Release Engineering <[email protected]> -
0.06-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.06-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
0.06-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
0.06-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2370003 - Add perl-GooCanvas2 to EPEL 10 and 10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2370003
--------------------------------------------------------------------------------
================================================================================
perl-Gtk3-0.038-18.el10_2 (FEDORA-EPEL-2025-b30981a7ed)
Perl interface to the 3.x series of the GTK+ toolkit
--------------------------------------------------------------------------------
Update Information:
This update brings a new perl-Gtk3 package, a Perl binding to GTK3 library.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.038-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Wed Jun 4 2025 Petr Pisar <[email protected]> - 0.038-17
- Run tests also against Wayland
* Mon May 12 2025 Petr Pisar <[email protected]> - 0.038-16
- Correct a list of build dependencies
* Sat Jan 18 2025 Fedora Release Engineering <[email protected]> -
0.038-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Thu Aug 8 2024 Petr Pisar <[email protected]> - 0.038-14
- gdk-pixbuf2-modules-extra is needed for the packaged tests (rhbz#2278602)
* Fri Jul 26 2024 Benjamin Gilbert <[email protected]> - 0.038-13
- BR gdk-pixbuf2-modules-extra on F41+ to fix XPM tests (rhbz#2278602)
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.038-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
0.038-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
0.038-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2370008 - Add perl-Gtk3 to EPEL 10 and 10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2370008
--------------------------------------------------------------------------------
================================================================================
python-cucumber-tag-expressions-6.2.0-2.el10_2 (FEDORA-EPEL-2025-64b3a8b2ed)
Provides a tag-expression parser and evaluation logic for cucumber/behave
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 6.2.0-2
- Backport to EPEL10
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]>
- Initial package (close RHBZ#2394789)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2394789 - Review Request: python-cucumber-tag-expressions -
Provides a tag-expression parser and evaluation logic for cucumber/behave
https://bugzilla.redhat.com/show_bug.cgi?id=2394789
--------------------------------------------------------------------------------
================================================================================
python-gitlab-6.4.0-1.el10_2 (FEDORA-EPEL-2025-8c8212c570)
Interact with GitLab API
--------------------------------------------------------------------------------
Update Information:
Automatic update for python-gitlab-6.4.0-1.el10_2.
Changelog for python-gitlab
* Sun Sep 28 2025 Packit <[email protected]> - 6.4.0-1
- Update to 6.4.0 upstream release
- Resolves: rhbz#2399952
* Mon Jul 28 2025 Packit <[email protected]> - 6.2.0-1
- Update to 6.2.0 upstream release
- Resolves: rhbz#2383802
* Sat Jun 28 2025 Packit <[email protected]> - 6.1.0-1
- Update to 6.1.0 upstream release
- Resolves: rhbz#2375297
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 28 2025 Packit <[email protected]> - 6.4.0-1
- Update to 6.4.0 upstream release
- Resolves: rhbz#2399952
* Mon Jul 28 2025 Packit <[email protected]> - 6.2.0-1
- Update to 6.2.0 upstream release
- Resolves: rhbz#2383802
* Sat Jun 28 2025 Packit <[email protected]> - 6.1.0-1
- Update to 6.1.0 upstream release
- Resolves: rhbz#2375297
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2375297 - python-gitlab-6.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2375297
[ 2 ] Bug #2383802 - python-gitlab-6.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2383802
[ 3 ] Bug #2399952 - python-gitlab-6.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2399952
--------------------------------------------------------------------------------
================================================================================
ramalama-0.12.3-1.el10_2 (FEDORA-EPEL-2025-f122c02d94)
Command line tool for working with AI LLM models
--------------------------------------------------------------------------------
Update Information:
Automatic update for ramalama-0.12.3-1.el10_2.
Changelog for ramalama
* Sun Sep 28 2025 Packit <[email protected]> - 0.12.3-1
- Update to 0.12.3 upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 28 2025 Packit <[email protected]> - 0.12.3-1
- Update to 0.12.3 upstream release
--------------------------------------------------------------------------------
================================================================================
rust-munge-0.4.7-1.el10_2 (FEDORA-EPEL-2025-595fa889f5)
Macro for custom destructuring
--------------------------------------------------------------------------------
Update Information:
Update munge/munge_macro to 0.4.7. These releases contain trivial source-code
changes to support an upstream CI fix.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.4.7-1
- Update to version 0.4.7; Fix RHBZ#2400134
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400134 - rust-munge-0.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400134
[ 2 ] Bug #2400135 - rust-munge_macro-0.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400135
--------------------------------------------------------------------------------
================================================================================
rust-munge_macro-0.4.7-1.el10_2 (FEDORA-EPEL-2025-595fa889f5)
Macro for custom destructuring
--------------------------------------------------------------------------------
Update Information:
Update munge/munge_macro to 0.4.7. These releases contain trivial source-code
changes to support an upstream CI fix.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.4.7-1
- Update to version 0.4.7; Fix RHBZ#2400135
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400134 - rust-munge-0.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400134
[ 2 ] Bug #2400135 - rust-munge_macro-0.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400135
--------------------------------------------------------------------------------
================================================================================
rust-rancor-0.1.1-1.el10_2 (FEDORA-EPEL-2025-c9b9f34da7)
Scalable and efficient error handling without type composition
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.1; Fixes RHBZ#2400154
This update contains only a trivial source change as part of an upstream CI fix.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.1.1-1
- Update to version 0.1.1; Fixes RHBZ#2400154
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue May 13 2025 Benjamin A. Beasley <[email protected]> - 0.1.0-4
- Re-generate with rust2rpm 27
* Tue May 13 2025 Benjamin A. Beasley <[email protected]> - 0.1.0-3
- Remove no-longer-necessary .rpmlintrc file
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400154 - rust-rancor-0.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400154
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
