The following Fedora EPEL 10.1 Security updates need testing:
Age URL
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-391c549345
rnp-0.18.1-1.el10_1
The following builds have been pushed to Fedora EPEL 10.1 updates-testing
nextcloud-32.0.2-1.el10_1
openbao-2.4.4-1.el10_1
parallel-20251122-1.el10_1
python-astropy-iers-data-0.2025.11.24.0.39.11-1.el10_1
python-norpm-1.8-1.el10_1
rclone-1.72.0-1.el10_1
restic-0.18.1-1.el10_1
rust-byte-unit-5.2.0-1.el10_1
rust-open-5.3.3-1.el10_1
rust-quick-xml-0.38.4-1.el10_1
rust-rsa-0.9.9-1.el10_1
rust-signal-hook-registry-1.4.7-1.el10_1
rust-syn-2.0.111-1.el10_1
rust-termion-4.0.6-1.el10_1
rust-utf8-width-0.1.8-1.el10_1
rust-weezl-0.1.12-1.el10_1
Details about builds:
================================================================================
nextcloud-32.0.2-1.el10_1 (FEDORA-EPEL-2025-f5ce86fd47)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
32.0.2 release RHBZ#2416087 RHBZ#2415750 RHBZ#2415751 RHBZ#2415752 RHBZ#2415753
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2025 Andrew Bauer <[email protected]> - 32.0.2-1
- 32.0.2 release RHBZ#2416087 RHBZ#2415750 RHBZ#2415751 RHBZ#2415752
RHBZ#2415753
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415750 - CVE-2025-64500 nextcloud: Symfony HttpFoundation:
Limited authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2415750
[ 2 ] Bug #2415751 - CVE-2025-64500 nextcloud: Symfony HttpFoundation:
Limited authorization bypass [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2415751
[ 3 ] Bug #2415752 - CVE-2025-64500 nextcloud: Symfony HttpFoundation:
Limited authorization bypass [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2415752
[ 4 ] Bug #2415753 - CVE-2025-64500 nextcloud: Symfony HttpFoundation:
Limited authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2415753
[ 5 ] Bug #2416087 - nextcloud-32.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2416087
--------------------------------------------------------------------------------
================================================================================
openbao-2.4.4-1.el10_1 (FEDORA-EPEL-2025-001ad6132c)
A tool for securely accessing secrets
--------------------------------------------------------------------------------
Update Information:
update to upstream 2.4.4
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2025 Dave Dykstra <[email protected]> -
2.4.4-1
- update to 2.4.4
* Tue Nov 18 2025 Dave Dykstra <[email protected]> -
2.4.3-2
- add hsm build tag
--------------------------------------------------------------------------------
================================================================================
parallel-20251122-1.el10_1 (FEDORA-EPEL-2025-47e4120fcd)
Shell tool for executing jobs in parallel
--------------------------------------------------------------------------------
Update Information:
update to 20251122 fixes rhbz#2416682
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 23 2025 Filipe Rosset <[email protected]> - 20251122-1
- update to 20251122 fixes rhbz#2416682
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2416682 - parallel-20251122 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2416682
--------------------------------------------------------------------------------
================================================================================
python-astropy-iers-data-0.2025.11.24.0.39.11-1.el10_1
(FEDORA-EPEL-2025-a6b040ef66)
IERS Earth Rotation and Leap Second tables for the astropy core package
--------------------------------------------------------------------------------
Update Information:
Automatic update for python-astropy-iers-data-0.2025.11.24.0.39.11-1.el10_1.
Changelog for python-astropy-iers-data
* Mon Nov 24 2025 Packit <[email protected]> - 0.2025.11.24.0.39.11-1
- Update to 0.2025.11.24.0.39.11 upstream release
- Resolves: rhbz#2416696
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2025 Packit <[email protected]> - 0.2025.11.24.0.39.11-1
- Update to 0.2025.11.24.0.39.11 upstream release
- Resolves: rhbz#2416696
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2416696 - python-astropy-iers-data-0.2025.11.24.0.39.11 is
available
https://bugzilla.redhat.com/show_bug.cgi?id=2416696
--------------------------------------------------------------------------------
================================================================================
python-norpm-1.8-1.el10_1 (FEDORA-EPEL-2025-efdaaf4097)
RPM Macro Expansion in Python
--------------------------------------------------------------------------------
Update Information:
new upstream release: https://github.com/praiskup/norpm/releases/tag/v1.8
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2025 Pavel Raiskup <[email protected]> - 1.8-1
- new upstream release:
https://github.com/praiskup/norpm/releases/tag/v1.8
--------------------------------------------------------------------------------
================================================================================
rclone-1.72.0-1.el10_1 (FEDORA-EPEL-2025-b5821dbb11)
Rsync for cloud storage
--------------------------------------------------------------------------------
Update Information:
Update to 1.72.0
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2025 Mikel Olasagasti Uranga <[email protected]> - 1.72.0-1
- Update to 1.72.0 - Closes rhbz#2397899
* Fri Oct 10 2025 Alejandro Sáez <[email protected]> - 1.71.0-2
- rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398309 - CVE-2025-47910 rclone: CrossOriginProtection bypass in
net/http [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2398309
[ 2 ] Bug #2398947 - CVE-2025-47906 rclone: Unexpected paths returned from
LookPath in os/exec [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2398947
[ 3 ] Bug #2407494 - CVE-2025-58189 rclone: go crypto/tls ALPN negotiation
error contains attacker controlled information [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2407494
[ 4 ] Bug #2408534 - CVE-2025-61725 rclone: Excessive CPU consumption in
ParseAddress in net/mail [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2408534
[ 5 ] Bug #2408946 - CVE-2025-61723 rclone: Quadratic complexity when parsing
some invalid inputs in encoding/pem [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2408946
[ 6 ] Bug #2409888 - CVE-2025-58185 rclone: Parsing DER payload can cause
memory exhaustion in encoding/asn1 [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2409888
[ 7 ] Bug #2410828 - CVE-2025-58188 rclone: Panic when validating
certificates with DSA public keys in crypto/x509 [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2410828
--------------------------------------------------------------------------------
================================================================================
restic-0.18.1-1.el10_1 (FEDORA-EPEL-2025-d459347e22)
Fast, secure, efficient backup program
--------------------------------------------------------------------------------
Update Information:
Update to 0.18.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2025 Mikel Olasagasti Uranga <[email protected]> - 0.18.1-1
- Update to 0.18.1 - Closes rhbz#2397204 rhbz2416773
* Fri Oct 10 2025 Alejandro Sáez <[email protected]> - 0.18.0-5
- rebuild
* Fri Aug 15 2025 Maxwell G <[email protected]> - 0.18.0-4
- Rebuild for golang-1.25.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398310 - CVE-2025-47910 restic: CrossOriginProtection bypass in
net/http [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2398310
[ 2 ] Bug #2398948 - CVE-2025-47906 restic: Unexpected paths returned from
LookPath in os/exec [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2398948
[ 3 ] Bug #2407495 - CVE-2025-58189 restic: go crypto/tls ALPN negotiation
error contains attacker controlled information [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2407495
[ 4 ] Bug #2408535 - CVE-2025-61725 restic: Excessive CPU consumption in
ParseAddress in net/mail [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2408535
[ 5 ] Bug #2408947 - CVE-2025-61723 restic: Quadratic complexity when parsing
some invalid inputs in encoding/pem [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2408947
[ 6 ] Bug #2409889 - CVE-2025-58185 restic: Parsing DER payload can cause
memory exhaustion in encoding/asn1 [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2409889
[ 7 ] Bug #2410829 - CVE-2025-58188 restic: Panic when validating
certificates with DSA public keys in crypto/x509 [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2410829
--------------------------------------------------------------------------------
================================================================================
rust-byte-unit-5.2.0-1.el10_1 (FEDORA-EPEL-2025-311546fdcf)
Library for interacting with units of bytes
--------------------------------------------------------------------------------
Update Information:
Update to version 5.2.0.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2025 Fabio Valentini <[email protected]> - 5.2.0-1
- Update to version 5.2.0; Fixes RHBZ#2416627
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
5.1.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-open-5.3.3-1.el10_1 (FEDORA-EPEL-2025-3f000c4a0b)
Open a path or URL using the program configured on the system
--------------------------------------------------------------------------------
Update Information:
Update to version 5.3.3.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2025 Fabio Valentini <[email protected]> - 5.3.3-1
- Update to version 5.3.3; Fixes RHBZ#2415495
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
5.3.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-quick-xml-0.38.4-1.el10_1 (FEDORA-EPEL-2025-d44bbbfe69)
High performance xml reader and writer
--------------------------------------------------------------------------------
Update Information:
Update to version 0.38.4.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2025 Fabio Valentini <[email protected]> - 0.38.4-1
- Update to version 0.38.4; Fixes RHBZ#2414244
--------------------------------------------------------------------------------
================================================================================
rust-rsa-0.9.9-1.el10_1 (FEDORA-EPEL-2025-5149136bb7)
Pure Rust RSA implementation
--------------------------------------------------------------------------------
Update Information:
Update to version 0.9.9.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2025 Fabio Valentini <[email protected]> - 0.9.9-1
- Update to version 0.9.9; Fixes RHBZ#2414798
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.9.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-signal-hook-registry-1.4.7-1.el10_1 (FEDORA-EPEL-2025-7c10f10326)
Backend crate for signal-hook
--------------------------------------------------------------------------------
Update Information:
Update to version 1.4.7.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2025 Fabio Valentini <[email protected]> - 1.4.7-1
- Update to version 1.4.7; Fixes RHBZ#2416568
--------------------------------------------------------------------------------
================================================================================
rust-syn-2.0.111-1.el10_1 (FEDORA-EPEL-2025-ddda64659f)
Parser for Rust source code
--------------------------------------------------------------------------------
Update Information:
Update to version 2.0.111.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2025 Fabio Valentini <[email protected]> - 2.0.111-1
- Update to version 2.0.111; Fixes RHBZ#2412982
--------------------------------------------------------------------------------
================================================================================
rust-termion-4.0.6-1.el10_1 (FEDORA-EPEL-2025-81f8af17c3)
Bindless library for manipulating terminals
--------------------------------------------------------------------------------
Update Information:
Update to version 4.0.6.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2025 Fabio Valentini <[email protected]> - 4.0.6-1
- Update to version 4.0.6; Fixes RHBZ#2416495
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
4.0.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-utf8-width-0.1.8-1.el10_1 (FEDORA-EPEL-2025-5a038b1184)
Determine the width of a UTF-8 character by providing its first byte
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.8.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2025 Fabio Valentini <[email protected]> - 0.1.8-1
- Update to version 0.1.8; Fixes RHBZ#2416608
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.1.7-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.1.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-weezl-0.1.12-1.el10_1 (FEDORA-EPEL-2025-1a4ca69385)
Fast LZW compression and decompression
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.12.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2025 Fabio Valentini <[email protected]> - 0.1.12-1
- Update to version 0.1.12; Fixes RHBZ#2413543
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
