The following Fedora EPEL 9 Security updates need testing:
Age URL
50 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9a55de96db
xpdf-4.06-1.el9
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-b2e37e7d22
exim-4.99.1-1.el9
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-082297644a
coturn-4.7.0-4.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-151ddbd53b
wasmedge-0.14.0-4.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-13503a8eac
composer-2.9.3-1.el9
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-cecc10e473
seamonkey-2.53.23-1.el9
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-8ec67a8105
libsodium-1.0.18-9.el9
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-8919df6bce
foomuuri-0.31-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
R-rpm-macros-1.3.3-1.el9
chromium-143.0.7499.192-1.el9
helm-4.0.4-1.el9
helm3-3.19.3-1.el9
rust-cc-1.2.51-1.el9
rust-clap-4.5.54-1.el9
rust-clap_builder-4.5.54-1.el9
rust-find-msvc-tools-0.1.6-1.el9
rust-indexmap-2.13.0-1.el9
rust-rsa-0.9.10-1.el9
rust-rustls-0.23.36-1.el9
rust-serde_json-1.0.149-1.el9
rust-tokio-1.49.0-1.el9
rust-tokio-stream-0.1.18-1.el9
rust-tokio-test-0.4.5-1.el9
rust-tokio-util-0.7.18-1.el9
rust-zmij-1.0.12-1.el9
uARMSolver-0.4.0-1.el9
Details about builds:
================================================================================
R-rpm-macros-1.3.3-1.el9 (FEDORA-EPEL-2026-cf02be94b2)
Macros to help produce R packages
--------------------------------------------------------------------------------
Update Information:
Update to 1.3.3
Update to 1.3.2
Update to 1.3.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2026 Iñaki Ãcar <[email protected]> - 1.3.3-1
- Update to 1.3.3
* Thu Jan 8 2026 Iñaki Ãcar <[email protected]> - 1.3.2-1
- Update to 1.3.2
* Mon Jan 5 2026 Iñaki Ãcar <[email protected]> - 1.3.1-1
- Update to 1.3.1
--------------------------------------------------------------------------------
================================================================================
chromium-143.0.7499.192-1.el9 (FEDORA-EPEL-2026-1e6d3d4287)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to 143.0.7499.192
* High CVE-2026-0628: Insufficient policy enforcement in WebView tag
* Enable control flow integrity support for x86_64/aarch64
* Enable build for epel10.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 7 2026 Than Ngo <[email protected]> - 143.0.7499.192-1
- Update tp 143.0.7499.192
* High CVE-2026-0628: Insufficient policy enforcement in WebView tag
- Fix rhbz#2425338, Enable control flow integrity support for x86_64/aarch64
- Enable build for epel10.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2425338 - Please re-enable CFI build option
https://bugzilla.redhat.com/show_bug.cgi?id=2425338
[ 2 ] Bug #2425439 - Chromium not updated RHEL 10
https://bugzilla.redhat.com/show_bug.cgi?id=2425439
--------------------------------------------------------------------------------
================================================================================
helm-4.0.4-1.el9 (FEDORA-EPEL-2026-8461f97b9d)
The Kubernetes Package Manager
--------------------------------------------------------------------------------
Update Information:
Update to helm to version 4 and introduce helm3 as a compat package.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2026 Mikel Olasagasti Uranga <[email protected]> - 4.0.4-1
- Update to 4.0.4 - Closes rhbz#2413974
* Sun Oct 12 2025 Maxwell G <[email protected]> - 3.19.0-3
- Rebuild for golang 1.25.2
* Fri Oct 10 2025 Alejandro Sáez <[email protected]> - 3.19.0-2
- rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398359 - CVE-2025-47910 helm: CrossOriginProtection bypass in
net/http [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2398359
[ 2 ] Bug #2399009 - CVE-2025-47906 helm: Unexpected paths returned from
LookPath in os/exec [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2399009
[ 3 ] Bug #2407545 - CVE-2025-58189 helm: go crypto/tls ALPN negotiation
error contains attacker controlled information [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2407545
[ 4 ] Bug #2409000 - CVE-2025-61723 helm: Quadratic complexity when parsing
some invalid inputs in encoding/pem [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2409000
[ 5 ] Bug #2409943 - CVE-2025-58185 helm: Parsing DER payload can cause
memory exhaustion in encoding/asn1 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2409943
[ 6 ] Bug #2410880 - CVE-2025-58188 helm: Panic when validating certificates
with DSA public keys in crypto/x509 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2410880
[ 7 ] Bug #2412484 - CVE-2025-58183 helm: Unbounded allocation when parsing
GNU sparse map [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2412484
[ 8 ] Bug #2418992 - CVE-2024-25621 helm: containerd local privilege
escalation [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2418992
--------------------------------------------------------------------------------
================================================================================
helm3-3.19.3-1.el9 (FEDORA-EPEL-2026-8461f97b9d)
The Kubernetes Package Manager
--------------------------------------------------------------------------------
Update Information:
Update to helm to version 4 and introduce helm3 as a compat package.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2026 Mikel Olasagasti Uranga <[email protected]> - 3.19.3-1
- Initial commit for helm3 - Closes rhbz#2427597
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398359 - CVE-2025-47910 helm: CrossOriginProtection bypass in
net/http [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2398359
[ 2 ] Bug #2399009 - CVE-2025-47906 helm: Unexpected paths returned from
LookPath in os/exec [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2399009
[ 3 ] Bug #2407545 - CVE-2025-58189 helm: go crypto/tls ALPN negotiation
error contains attacker controlled information [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2407545
[ 4 ] Bug #2409000 - CVE-2025-61723 helm: Quadratic complexity when parsing
some invalid inputs in encoding/pem [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2409000
[ 5 ] Bug #2409943 - CVE-2025-58185 helm: Parsing DER payload can cause
memory exhaustion in encoding/asn1 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2409943
[ 6 ] Bug #2410880 - CVE-2025-58188 helm: Panic when validating certificates
with DSA public keys in crypto/x509 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2410880
[ 7 ] Bug #2412484 - CVE-2025-58183 helm: Unbounded allocation when parsing
GNU sparse map [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2412484
[ 8 ] Bug #2418992 - CVE-2024-25621 helm: containerd local privilege
escalation [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2418992
--------------------------------------------------------------------------------
================================================================================
rust-cc-1.2.51-1.el9 (FEDORA-EPEL-2026-dc556106dd)
Build-time dependency for Cargo build scripts to invoke the native C compiler
--------------------------------------------------------------------------------
Update Information:
Update the cc crate to version 1.2.51.
Update the clap and clap_builder crates to version 4.5.54.
Initial packaging of the find-msvc-tools crate.
Update the serde_json crate to version 1.0.149.
Initial packaging of the zmij crate.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2026 Fabio Valentini <[email protected]> - 1.2.51-1
- Update to version 1.2.51; Fixes RHBZ#2392385
--------------------------------------------------------------------------------
================================================================================
rust-clap-4.5.54-1.el9 (FEDORA-EPEL-2026-dc556106dd)
Simple to use, efficient, and full-featured Command Line Argument Parser
--------------------------------------------------------------------------------
Update Information:
Update the cc crate to version 1.2.51.
Update the clap and clap_builder crates to version 4.5.54.
Initial packaging of the find-msvc-tools crate.
Update the serde_json crate to version 1.0.149.
Initial packaging of the zmij crate.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2026 Fabio Valentini <[email protected]> - 4.5.54-1
- Update to version 4.5.54; Fixes RHBZ#2426903
--------------------------------------------------------------------------------
================================================================================
rust-clap_builder-4.5.54-1.el9 (FEDORA-EPEL-2026-dc556106dd)
Simple to use, efficient, and full-featured Command Line Argument Parser
--------------------------------------------------------------------------------
Update Information:
Update the cc crate to version 1.2.51.
Update the clap and clap_builder crates to version 4.5.54.
Initial packaging of the find-msvc-tools crate.
Update the serde_json crate to version 1.0.149.
Initial packaging of the zmij crate.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2026 Fabio Valentini <[email protected]> - 4.5.54-1
- Update to version 4.5.54; Fixes RHBZ#2426902
--------------------------------------------------------------------------------
================================================================================
rust-find-msvc-tools-0.1.6-1.el9 (FEDORA-EPEL-2026-dc556106dd)
Find windows-specific tools and MSVC versions
--------------------------------------------------------------------------------
Update Information:
Update the cc crate to version 1.2.51.
Update the clap and clap_builder crates to version 4.5.54.
Initial packaging of the find-msvc-tools crate.
Update the serde_json crate to version 1.0.149.
Initial packaging of the zmij crate.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2026 Fabio Valentini <[email protected]> - 0.1.6-1
- Initial import (#2426656)
--------------------------------------------------------------------------------
================================================================================
rust-indexmap-2.13.0-1.el9 (FEDORA-EPEL-2026-503a352e54)
Hash table with consistent order and fast iteration
--------------------------------------------------------------------------------
Update Information:
Update to version 2.13.0.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2026 Fabio Valentini <[email protected]> - 2.13.0-1
- Update to version 2.13.0; Fixes RHBZ#2427623
--------------------------------------------------------------------------------
================================================================================
rust-rsa-0.9.10-1.el9 (FEDORA-EPEL-2026-c1914a51be)
Pure Rust RSA implementation
--------------------------------------------------------------------------------
Update Information:
Update to version 0.9.10.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 7 2026 Peter Robinson <[email protected]> - 0.9.10-1
- Update to 0.9.10 (rhbz#2427404)
--------------------------------------------------------------------------------
================================================================================
rust-rustls-0.23.36-1.el9 (FEDORA-EPEL-2026-23bf3e54e8)
Rustls is a modern TLS library written in Rust
--------------------------------------------------------------------------------
Update Information:
Update to version 0.23.36.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2026 Fabio Valentini <[email protected]> - 0.23.36-1
- Update to version 0.23.36; Fixes RHBZ#2427202
--------------------------------------------------------------------------------
================================================================================
rust-serde_json-1.0.149-1.el9 (FEDORA-EPEL-2026-dc556106dd)
JSON serialization file format
--------------------------------------------------------------------------------
Update Information:
Update the cc crate to version 1.2.51.
Update the clap and clap_builder crates to version 4.5.54.
Initial packaging of the find-msvc-tools crate.
Update the serde_json crate to version 1.0.149.
Initial packaging of the zmij crate.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2026 Fabio Valentini <[email protected]> - 1.0.149-1
- Update to version 1.0.149; Fixes RHBZ#2424284
--------------------------------------------------------------------------------
================================================================================
rust-tokio-1.49.0-1.el9 (FEDORA-EPEL-2026-4f1a0b32e1)
Event-driven, non-blocking I/O platform
--------------------------------------------------------------------------------
Update Information:
Update to version 1.49.0.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2026 Fabio Valentini <[email protected]> - 1.49.0-1
- Update to version 1.49.0; Fixes RHBZ#2426936
--------------------------------------------------------------------------------
================================================================================
rust-tokio-stream-0.1.18-1.el9 (FEDORA-EPEL-2026-070e44e7c5)
Utilities to work with Stream and tokio
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.18.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2026 Fabio Valentini <[email protected]> - 0.1.18-1
- Update to version 0.1.18; Fixes RHBZ#2427011
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.1.17-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.1.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-tokio-test-0.4.5-1.el9 (FEDORA-EPEL-2026-6b5e71f299)
Testing utilities for Tokio- and futures-based code
--------------------------------------------------------------------------------
Update Information:
Update to version 0.4.5.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2026 Fabio Valentini <[email protected]> - 0.4.5-1
- Update to version 0.4.5; Fixes RHBZ#2427012
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.4.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.4.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-tokio-util-0.7.18-1.el9 (FEDORA-EPEL-2026-d4be8d90e6)
Additional utilities for working with Tokio
--------------------------------------------------------------------------------
Update Information:
Update to version 0.7.18.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2026 Fabio Valentini <[email protected]> - 0.7.18-1
- Update to version 0.7.18; Fixes RHBZ#2427013
--------------------------------------------------------------------------------
================================================================================
rust-zmij-1.0.12-1.el9 (FEDORA-EPEL-2026-dc556106dd)
Double-to-string conversion algorithm based on Schubfach and yy
--------------------------------------------------------------------------------
Update Information:
Update the cc crate to version 1.2.51.
Update the clap and clap_builder crates to version 4.5.54.
Initial packaging of the find-msvc-tools crate.
Update the serde_json crate to version 1.0.149.
Initial packaging of the zmij crate.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2026 Fabio Valentini <[email protected]> - 1.0.12-1
- Initial import (#2425791)
--------------------------------------------------------------------------------
================================================================================
uARMSolver-0.4.0-1.el9 (FEDORA-EPEL-2026-0e9307ad2a)
Universal Association Rule Mining Solver
--------------------------------------------------------------------------------
Update Information:
Update to 0.4.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 7 2026 Iztok Fister Jr. <iztokf AT fedoraproject DOT org> - 0.4.0-1
- Update to 0.4.0
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
