The following Fedora EPEL 10.2 Security updates need testing:
Age URL
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-eff0fea032
mbedtls-3.6.5-1.el10_2
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-64e93556d0
gh-2.83.0-1.el10_2
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-7a8a4f68b8
lasso-2.9.0-1.el10_2
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-dbde6d0928
ruff-0.14.3-1.el10_2 rust-get-size-derive2-0.7.1-1.el10_2
rust-get-size2-0.7.1-1.el10_2 rust-regex-1.12.2-1.el10_2
rust-regex-automata-0.4.13-1.el10_2 rust-reqsign-0.18.1-1.el10_2
rust-reqsign-aws-v4-2.0.1-1.el10_2
rust-reqsign-command-execute-tokio-2.0.1-1.el10_2
rust-reqsign-core-2.0.1-1.el10_2 rust-reqsign-file-read-tokio-2.0.1-1.el10_2
rust-reqsign-http-send-reqwest-2.0.1-1.el10_2 uv-0.9.7-2.el10_2
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-253e2f06c2
opentofu-1.10.7-1.el10_2
The following builds have been pushed to Fedora EPEL 10.2 updates-testing
chromium-142.0.7444.134-1.el10_2
clinfo-3.0.25.02.14-1.el10_2
darkhttpd-1.17-2.el10_2
ioping-1.3-9.el10_2
parallel-20251022-1.el10_2
pre-commit-4.4.0-1.el10_2
python-pdfminer-20251107-1.el10_2
pythoncapi-compat-0^20251108.11cb80f-1.el10_2
ruby-build-20251023-1.el10_2
rust-confy-0.4.0-14.el10_2
rust-jiff-0.2.16-1.el10_2
xe-guest-utilities-latest-8.4.0-8.el10_2
Details about builds:
================================================================================
chromium-142.0.7444.134-1.el10_2 (FEDORA-EPEL-2025-bcf0aee791)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to 142.0.7444.134
* High CVE-2025-12725: Out of bounds write in WebGPU
* High CVE-2025-12726: Inappropriate implementation in Views
* High CVE-2025-12727: Inappropriate implementation in V8
* Medium CVE-2025-12728: Inappropriate implementation in Omnibox
* Medium CVE-2025-12729: Inappropriate implementation in Omnibox
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 6 2025 Than Ngo <[email protected]> - 142.0.7444.134-1
- Update to 142.0.7444.134
* High CVE-2025-12725: Out of bounds write in WebGPU
* High CVE-2025-12726: Inappropriate implementation in Views
* High CVE-2025-12727: Inappropriate implementation in V8
* Medium CVE-2025-12728: Inappropriate implementation in Omnibox
* Medium CVE-2025-12729: Inappropriate implementation in Omnibox
* Wed Nov 5 2025 Dominik Mierzejewski <[email protected]> -
142.0.7444.59-2
- Rebuilt for FFmpeg 8
--------------------------------------------------------------------------------
================================================================================
clinfo-3.0.25.02.14-1.el10_2 (FEDORA-EPEL-2025-b4af57dab3)
Enumerate OpenCL platforms and devices
--------------------------------------------------------------------------------
Update Information:
update clinfo to 3.0.25.02.14
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 8 2025 Filipe Rosset <[email protected]> - 3.0.25.02.14-1
- update to 3.0.25.02.14
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> -
3.0.23.01.25-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> -
3.0.23.01.25-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
darkhttpd-1.17-2.el10_2 (FEDORA-EPEL-2025-e63865680e)
Secure, lightweight, fast, single-threaded HTTP/1.1 server
--------------------------------------------------------------------------------
Update Information:
update to 1.17 fix rhbz#2383212
opt-in to autochangelog
fix postrun scriptlet warning during rpm update
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 8 2025 Filipe Rosset <[email protected]> - 1.17-2
- fix postrun scriptlet warning during rpm update
* Sat Nov 8 2025 Filipe Rosset <[email protected]> - 1.17-1
- update to 1.17 fix rhbz#2383212
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> - 1.16-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> - 1.16-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Aug 28 2024 Miroslav Suchý <[email protected]> - 1.16-2
- convert license to SPDX
* Thu Jul 18 2024 Filipe Rosset <[email protected]> - 1.16-1
- Update to 1.16 fixes rhbz#2259096
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> - 1.14-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jan 24 2024 Fedora Release Engineering <[email protected]> - 1.14-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> - 1.14-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2383212 - darkhttpd-1.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2383212
--------------------------------------------------------------------------------
================================================================================
ioping-1.3-9.el10_2 (FEDORA-EPEL-2025-529f77b231)
Simple disk I/O latency monitoring tool
--------------------------------------------------------------------------------
Update Information:
ioping lets you monitor I/O latency in real time. It shows disk latency in
the same way as ping shows network latency.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 24 2025 Fedora Release Engineering <[email protected]> - 1.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri Jan 17 2025 Fedora Release Engineering <[email protected]> - 1.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Thu Jul 25 2024 Miroslav Suchý <[email protected]> - 1.3-7
- convert GPLv3+ license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> - 1.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jan 24 2024 Fedora Release Engineering <[email protected]> - 1.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering <[email protected]> - 1.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2396028 - Please branch and build ioping in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2396028
--------------------------------------------------------------------------------
================================================================================
parallel-20251022-1.el10_2 (FEDORA-EPEL-2025-6ab8b45825)
Shell tool for executing jobs in parallel
--------------------------------------------------------------------------------
Update Information:
Update to 20251022
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 8 2025 Mikel Olasagasti Uranga <[email protected]> - 20251022-1
- Update to 20251022 - Closes rhbz#2397530
--------------------------------------------------------------------------------
================================================================================
pre-commit-4.4.0-1.el10_2 (FEDORA-EPEL-2025-648bc79ca2)
Framework for managing and maintaining multi-language pre-commit hooks
--------------------------------------------------------------------------------
Update Information:
4.4.0 - 2025-11-08
Features
Add --fail-fast option to pre-commit run.
Upgrade ruby-build / rbenv.
Add language: unsupported / language: unsupported_script as aliases
for language: system / language: script (which will eventually be
deprecated).
Add support docker-in-docker detection for cgroups v2.
Fixes
Handle when docker gives SecurityOptions: null.
Fix error context for invalid stages in .pre-commit-config.yaml.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 8 2025 Benjamin A. Beasley <[email protected]> - 4.4.0-1
- Update to 4.4.0 (close RHBZ#2413596)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2413596 - pre-commit-4.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2413596
--------------------------------------------------------------------------------
================================================================================
python-pdfminer-20251107-1.el10_2 (FEDORA-EPEL-2025-58acb12ebc)
Tool for extracting information from PDF documents
--------------------------------------------------------------------------------
Update Information:
Update to 20251107
Fix: arbitary code execution when loading pickle font files
Security fix for GHSA-wf5f-4jwr-ppcp
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 8 2025 Benjamin A. Beasley <[email protected]> - 20251107-1
- Update to 20251107 (fixes RHBZ#2413443)
- Security fix for GHSA-wf5f-4jwr-ppcp
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2413443 - python-pdfminer-20251107 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2413443
--------------------------------------------------------------------------------
================================================================================
pythoncapi-compat-0^20251108.11cb80f-1.el10_2 (FEDORA-EPEL-2025-c770cc7d2d)
Python C API compatibility
--------------------------------------------------------------------------------
Update Information:
Update to 0^20251108.11cb80f
Donât include structmember.h in pythoncapi_compat.h; avoids conflicts
due to names without "Py" prefixes.
Update to 0^20251105.44c8e14
Add PyUnstable_TryIncref() and PyUnstable_EnableTryIncRef()
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 8 2025 Benjamin A. Beasley <[email protected]> -
1:0^20251108.11cb80f-1
- Update to 0^20251108.11cb80f
- Donât include structmember.h in pythoncapi_compat.h; avoids conflicts due
to names without "Py" prefixes.
* Thu Nov 6 2025 Benjamin A. Beasley <[email protected]> -
1:0^20251105.44c8e14-1
- Update to 0^20251105.44c8e14
- Add `PyUnstable_TryIncref()` and `PyUnstable_EnableTryIncRef()`
* Thu Oct 16 2025 Benjamin A. Beasley <[email protected]> -
1:0^20251015.e510a7b-1
- Update to 0^20251015.e510a7b
- Add an Epoch since the previous update had the wrong date
- Switch snapshot info from <date><scm><revision> to <date>.<revision>
--------------------------------------------------------------------------------
================================================================================
ruby-build-20251023-1.el10_2 (FEDORA-EPEL-2025-dbdc604104)
Compile and install Ruby
--------------------------------------------------------------------------------
Update Information:
Update to 20251023
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Packit <[email protected]> - 20251023-1
- Update to 20251023 upstream release
- Resolves: rhbz#2406026
--------------------------------------------------------------------------------
================================================================================
rust-confy-0.4.0-14.el10_2 (FEDORA-EPEL-2025-b04973ec2e)
Boilerplate-free configuration management
--------------------------------------------------------------------------------
Update Information:
Allow directories 6
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 7 2025 Benjamin A. Beasley <[email protected]> - 0.4.0-14
- Allow directories 6
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.4.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-jiff-0.2.16-1.el10_2 (FEDORA-EPEL-2025-2ff82706d1)
Date-time library that encourages you to jump into the pit of success
--------------------------------------------------------------------------------
Update Information:
0.2.16
Enhancements:
Add Serde helpers for (de)serializing std::time::Duration values.
Add Sub and Add trait implementations for Zoned (in addition to the
already existing trait implementations for &Zoned).
Add BrokenDownTime::set_meridiem and ensure it overrides the hour when
formatting.
Switch dependency on serde to serde_core. This should help speed up
compilation times in some cases.
Add new Zoned::series API, making it consistent with the same API on other
datetime types.
When lenient mode is enabled for strftime, Jiff will no longer error when
the formatting string contains invalid UTF-8.
Formatting of %y and %g no longer fails based on the specific year value.
Parsing of %s is now a bit more consistent with other fields. Moreover,
BrokenDownTime::{to_timestamp,to_zoned} will now prefer timestamps parsed
with %s over any other fields that have been parsed.
Allow parsing just a %s into a Zoned via the Etc/Unknown time zone.
Bug fixes:
Fix a bug where 2087-12-31T23:00:00Z in the Africa/Casablanca time zone
could not be round-tripped (because its offset was calculated incorrectly as
a result of not handling "permanent DST" POSIX time zones).
Fix a panic that occurred when parsing an empty string as a POSIX time zone.
Fix a panic that could occur when parsing %: via strptime APIs.
Update some parts of the documentation to indicate that TimeZone::unknown()
is a fallback for TimeZone::system() (instead of the jiff 0.1 behavior of
using TimeZone::UTC).
Fix a panicking bug when reading malformed TZif data.
Fix a panicking bug when parsing century (%C) via strptime.
Fixed bugs with parsing durations like -9223372036854775808s and
-PT9223372036854775808S.
Performance:
Parsing into Span or SignedDuration is now a fair bit faster in some
cases.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 7 2025 Benjamin A. Beasley <[email protected]> - 0.2.16-1
- Update to version 0.2.16; Fixes RHBZ#2413355
* Sun Oct 19 2025 Benjamin A. Beasley <[email protected]> - 0.2.15-3
- Fix a typo in a spec-file comment
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.2.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2413355 - rust-jiff-0.2.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2413355
--------------------------------------------------------------------------------
================================================================================
xe-guest-utilities-latest-8.4.0-8.el10_2 (FEDORA-EPEL-2025-578e935ec3)
XAPI Virtual Machine Monitoring Scripts
--------------------------------------------------------------------------------
Update Information:
Scripts for monitoring XAPI project virtual machine.
Writes distribution version information and IP address to XenStore.
This package follows the latest version of xe-guest-utilities upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 10 2025 Alejandro Sáez <[email protected]> - 8.4.0-8
- rebuild
* Fri Aug 15 2025 Maxwell G <[email protected]> - 8.4.0-7
- Rebuild for golang-1.25.0
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
8.4.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
8.4.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Sep 4 2024 Miroslav Suchý <[email protected]> - 8.4.0-4
- convert license to SPDX
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
8.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sun Feb 11 2024 Maxwell G <[email protected]> - 8.4.0-2
- Rebuild for golang 1.22.0
* Thu Feb 8 2024 Robin Lee <[email protected]> - 8.4.0-1
- Update to 8.4.0 (RHBZ#2256779)
* Sat Jan 27 2024 Fedora Release Engineering <[email protected]> -
8.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Oct 18 2023 Robin Lee <[email protected]> - 8.3.1-1
- Update to 8.3.1 (RHBZ#2240273)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405705 - xe-guest-utilities-latest missing in epel 10
https://bugzilla.redhat.com/show_bug.cgi?id=2405705
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
