The following Fedora EPEL 9 Security updates need testing:

 Age  URL
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e9dcb51f6d   uriparser-0.9.8-2.el9
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-46a02bfa95   suricata-7.0.10-1.el9
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-ff88bfea14   exim-4.98.2-1.el9


The following builds have been pushed to Fedora EPEL 9 updates-testing

    firejail-0.9.74-1.el9
    python-ramalama-0.7.1-1.el9
    rust-image-0.25.5-3.el9
    rust-once_cell-1.21.3-1.el9
    rust-ring-0.17.14-1.el9
    upx-5.0.0-1.el9
    voms-2.1.2-1.el9
    yarnpkg-1.22.22-7.el9

Details about builds:


================================================================================
 firejail-0.9.74-1.el9 (FEDORA-EPEL-2025-0650b81fdb)
 Linux namespaces sandbox program
--------------------------------------------------------------------------------
Update Information:

Update to v0.9.74
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 28 2025 Artur Frenszek-Iwicki <fedora@xxxxxxxxxx> - 0.9.74-1
- Upgrade to v0.9.74
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2354886 - firejail-0.9.74 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2354886
--------------------------------------------------------------------------------


================================================================================
 python-ramalama-0.7.1-1.el9 (FEDORA-EPEL-2025-c5baa9cc04)
 RamaLama is a command line tool for working with AI LLM models
--------------------------------------------------------------------------------
Update Information:

Automatic update for python-ramalama-0.7.1-1.el9.
Changelog for python-ramalama
* Fri Mar 28 2025 Packit <hello@xxxxxxxxxx> - 0.7.1-1
- Update to 0.7.1 upstream release
* Wed Mar 26 2025 Packit <hello@xxxxxxxxxx> - 0.7.0-1
- Update to 0.7.0 upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 28 2025 Packit <hello@xxxxxxxxxx> - 0.7.1-1
- Update to 0.7.1 upstream release
* Wed Mar 26 2025 Packit <hello@xxxxxxxxxx> - 0.7.0-1
- Update to 0.7.0 upstream release
--------------------------------------------------------------------------------


================================================================================
 rust-image-0.25.5-3.el9 (FEDORA-EPEL-2025-266ad0bbf6)
 Imaging library
--------------------------------------------------------------------------------
Update Information:

Enable AVIF support via dav1d (RPM metadata only change).
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 27 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.25.5-3
- Enable the avif-native feature
* Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.25.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-once_cell-1.21.3-1.el9 (FEDORA-EPEL-2025-085a1e80b8)
 Single assignment cells and lazy values
--------------------------------------------------------------------------------
Update Information:

Update to version 1.21.3.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 28 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.21.3-1
- Update to version 1.21.3; Fixes RHBZ#2352430
--------------------------------------------------------------------------------


================================================================================
 rust-ring-0.17.14-1.el9 (FEDORA-EPEL-2025-ac05b27b01)
 Safe, fast, small crypto using Rust
--------------------------------------------------------------------------------
Update Information:

Update to version 0.17.14. This also includes a fix for RUSTSEC-2025-0009,
though no Fedora package should be affected by it.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 27 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.17.14-1
- Update to version 0.17.14; Fixes RHBZ#2345670
* Thu Mar 27 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.17.13-1
- Update to version 0.17.13
* Thu Mar 27 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.17.12-1
- Update to version 0.17.12
* Thu Mar 27 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.17.11-1
- Update to version 0.17.11
* Thu Mar 27 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.17.10-1
- Update to version 0.17.10
* Thu Mar 27 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.17.9-1
- Update to version 0.17.9
* Tue Feb 25 2025 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0.17.8-7
- Fix accidental duplicated sections in rust2rpm.toml
* Mon Feb 17 2025 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0.17.8-6
- Fix missing Perl scripts for generating assembly code on aarch64
* Mon Feb 17 2025 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0.17.8-5
- Never use pre-generated object files from upstream
* Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.17.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.17.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 upx-5.0.0-1.el9 (FEDORA-EPEL-2025-0aeac9995d)
 Ultimate Packer for eXecutables
--------------------------------------------------------------------------------
Update Information:

5.0.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 20 2025 Gwyn Ciesla <gwync@xxxxxxxxxxxxxx> - 5.0.0-1
- 5.0.0
* Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.2.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Dec 18 2024 Gwyn Ciesla <gwync@xxxxxxxxxxxxxx> - 4.2.4-3
- Provide bundled lzma-sdk
* Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.2.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2355649 - CVE-2025-2849 upx: UPX p_lx_elf.cpp un_DT_INIT heap-based overflow [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2355649
  [ 2 ] Bug #2355650 - CVE-2025-2849 upx: UPX p_lx_elf.cpp un_DT_INIT heap-based overflow [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2355650
  [ 3 ] Bug #2355651 - CVE-2025-2849 upx: UPX p_lx_elf.cpp un_DT_INIT heap-based overflow [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2355651
--------------------------------------------------------------------------------


================================================================================
 voms-2.1.2-1.el9 (FEDORA-EPEL-2025-500e07a222)
 Virtual Organization Membership Service
--------------------------------------------------------------------------------
Update Information:

VOMS 2.1.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 27 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 2.1.2-1
- Update to version 2.1.2
- Drop patch accepted upstream
* Sat Mar 8 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 2.1.0-5
- Move user/group creation logic to sysusers.d fragment
* Sun Jan 19 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 2.1.0-4
- Fix compilation with GCC 15
* Thu Oct 31 2024 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 2.1.0-3
- Rebuild for gsoap 2.8.135 (Fedora 42)
- Add additional ghost files to package (rpmlint)
* Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 yarnpkg-1.22.22-7.el9 (FEDORA-EPEL-2025-03946aa814)
 Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2024-12905.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 28 2025 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.22-7
- Fix CVE-2024-12905
* Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.22.22-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2355667 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2355667
  [ 2 ] Bug #2355668 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2355668
  [ 3 ] Bug #2355669 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2355669
--------------------------------------------------------------------------------