The following Fedora EPEL 9 Security updates need testing:
Age URL
56 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9a55de96db
xpdf-4.06-1.el9
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-8461f97b9d
helm-4.0.4-1.el9 helm3-3.19.3-1.el9
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-75ca846030
rust-lru-0.16.3-1.el9
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-aecc6f21f3
cpp-httplib-0.30.1-5.el9
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-e8927bc057
rpki-client-9.7-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
fennel-1.6.1-1.el9
rclone-1.72.1-1.el9
ruby-build-20260114-1.el9
rust-rkyv-0.8.14-1.el9
rust-rkyv0.7-0.7.46-1.el9
rust-rkyv_derive-0.8.14-1.el9
rust-rkyv_derive0.7-0.7.46-1.el9
Details about builds:
================================================================================
fennel-1.6.1-1.el9 (FEDORA-EPEL-2026-407202ea7f)
A Lisp that compiles to Lua
--------------------------------------------------------------------------------
Update Information:
Fix a bug where pattern matches on ... could error out.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 30 2025 Packit <[email protected]> - 1.6.1-1
- Update to 1.6.1 upstream release
- Resolves: rhbz#2426332
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2426332 - fennel-1.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2426332
--------------------------------------------------------------------------------
================================================================================
rclone-1.72.1-1.el9 (FEDORA-EPEL-2026-cf3b9d64bd)
Rsync for cloud storage
--------------------------------------------------------------------------------
Update Information:
Update to 1.72.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 14 2026 Mikel Olasagasti Uranga <[email protected]> - 1.72.1-1
- Apply EPEL9-specific changes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2384107 - rclone: Host Header Injection in github.com/go-chi/chi
[epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2384107
[ 2 ] Bug #2398372 - CVE-2025-47910 rclone: CrossOriginProtection bypass in
net/http [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2398372
[ 3 ] Bug #2399022 - CVE-2025-47906 rclone: Unexpected paths returned from
LookPath in os/exec [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2399022
[ 4 ] Bug #2407558 - CVE-2025-58189 rclone: go crypto/tls ALPN negotiation
error contains attacker controlled information [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2407558
[ 5 ] Bug #2408557 - CVE-2025-61725 rclone: Excessive CPU consumption in
ParseAddress in net/mail [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2408557
[ 6 ] Bug #2409013 - CVE-2025-61723 rclone: Quadratic complexity when parsing
some invalid inputs in encoding/pem [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2409013
[ 7 ] Bug #2409960 - CVE-2025-58185 rclone: Parsing DER payload can cause
memory exhaustion in encoding/asn1 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2409960
[ 8 ] Bug #2410893 - CVE-2025-58188 rclone: Panic when validating
certificates with DSA public keys in crypto/x509 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2410893
[ 9 ] Bug #2420574 - CVE-2025-47913 rclone: golang.org/x/crypto/ssh/agent:
SSH client panic due to unexpected SSH_AGENT_SUCCESS [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2420574
--------------------------------------------------------------------------------
================================================================================
ruby-build-20260114-1.el9 (FEDORA-EPEL-2026-189ae16565)
Compile and install Ruby
--------------------------------------------------------------------------------
Update Information:
Update to 20260114 to include 3.2.10
Update to 20260113 to include CRuby 4.0.1 release
Update to 20260110
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 14 2026 Packit <[email protected]> - 20260114-1
- Update to 20260114 upstream release
- Resolves: rhbz#2429517
* Tue Jan 13 2026 Packit <[email protected]> - 20260113-1
- Update to 20260113 upstream release
- Resolves: rhbz#2428859
* Sat Jan 10 2026 Packit <[email protected]> - 20260110-1
- Update to 20260110 upstream release
- Resolves: rhbz#2428461
--------------------------------------------------------------------------------
================================================================================
rust-rkyv-0.8.14-1.el9 (FEDORA-EPEL-2026-6b9f98bc4a)
Zero-copy deserialization framework for Rust
--------------------------------------------------------------------------------
Update Information:
Avoid ambiguous associated item references
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 14 2026 Benjamin A. Beasley <[email protected]> - 0.8.14-1
- Update to version 0.8.14; Fixes RHBZ#2429299
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2429299 - rust-rkyv-0.8.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2429299
[ 2 ] Bug #2429300 - rust-rkyv_derive-0.8.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2429300
--------------------------------------------------------------------------------
================================================================================
rust-rkyv0.7-0.7.46-1.el9 (FEDORA-EPEL-2026-e04f9da1af)
Zero-copy deserialization framework for Rust
--------------------------------------------------------------------------------
Update Information:
https://rustsec.org/advisories/RUSTSEC-2026-0001
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 13 2026 Benjamin A. Beasley <[email protected]> - 0.7.46-1
- Update to version 0.7.46; Fixes RUSTSEC-2026-0001
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.7.45-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.7.45-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-rkyv_derive-0.8.14-1.el9 (FEDORA-EPEL-2026-6b9f98bc4a)
Derive macro for rkyv
--------------------------------------------------------------------------------
Update Information:
Avoid ambiguous associated item references
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 14 2026 Benjamin A. Beasley <[email protected]> - 0.8.14-1
- Update to version 0.8.14; Fixes RHBZ#2429300
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2429299 - rust-rkyv-0.8.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2429299
[ 2 ] Bug #2429300 - rust-rkyv_derive-0.8.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2429300
--------------------------------------------------------------------------------
================================================================================
rust-rkyv_derive0.7-0.7.46-1.el9 (FEDORA-EPEL-2026-e04f9da1af)
Derive macro for rkyv
--------------------------------------------------------------------------------
Update Information:
https://rustsec.org/advisories/RUSTSEC-2026-0001
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 13 2026 Benjamin A. Beasley <[email protected]> - 0.7.46-1
- Update to version 0.7.46; Fixes RUSTSEC-2026-0001
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.7.45-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.7.45-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
