The following Fedora EPEL 9 Security updates need testing:
 Age  URL
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-aff6264b34   gi-docgen-2025.5-1.el9
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-fafce7c4ae   chromium-141.0.7390.107-1.el9
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9c4456ae83   perl-YAML-Syck-1.36-1.el9
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-923f477a35   fluidsynth-2.4.8-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
python-sqlparse-0.4.2-14.el9
Details about builds:
================================================================================
python-sqlparse-0.4.2-14.el9 (FEDORA-EPEL-2025-cf5aa6c3bb)
Non-validating SQL parser for Python
--------------------------------------------------------------------------------
Update Information:
This update backports the upstream fixes for CVE-2023-30608 and CVE-2024-4340.
It also enables the test suite and corrects the SPDX license identifier.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 9 2025 Carl George <[email protected]> - 0.4.2-14
- Switch to correct SPDX license
- Enable tests
- Backport patch to fix CVE-2023-30608
- Backport patch to fix CVE-2024-4340
* Sat Jan 18 2025 Fedora Release Engineering <[email protected]> - 0.4.2-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Sep 4 2024 Miroslav Suchý <[email protected]> - 0.4.2-12
- convert license to SPDX
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> - 0.4.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jun 7 2024 Python Maint <[email protected]> - 0.4.2-10
- Rebuilt for Python 3.13
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> - 0.4.2-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering <[email protected]> - 0.4.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2402810 - CVE-2023-30608 python-sqlparse: sqlparse: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2402810
[ 2 ] Bug #2402811 - CVE-2024-4340 python-sqlparse: sqlparse: parsing heavily nested list leads to denial of service [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2402811
--------------------------------------------------------------------------------