The following Fedora EPEL 8 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-1f39c6fc05 uriparser-0.9.8-2.el8 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-811cbc0ed6 suricata-7.0.10-1.el8 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9b4f4b88ff exim-4.98.2-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing firejail-0.9.74-1.el8 voms-2.1.2-1.el8 yarnpkg-1.22.22-7.el8 Details about builds: ================================================================================ firejail-0.9.74-1.el8 (FEDORA-EPEL-2025-8a2b595a31) Linux namespaces sandbox program -------------------------------------------------------------------------------- Update Information: Update to v0.9.74 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 28 2025 Artur Frenszek-Iwicki <fedora@xxxxxxxxxx> - 0.9.74-1 - Upgrade to v0.9.74 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2354886 - firejail-0.9.74 is available https://bugzilla.redhat.com/show_bug.cgi?id=2354886 -------------------------------------------------------------------------------- ================================================================================ voms-2.1.2-1.el8 (FEDORA-EPEL-2025-7e05ee0c3b) Virtual Organization Membership Service -------------------------------------------------------------------------------- Update Information: VOMS 2.1.2 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 2.1.2-1 - Update to version 2.1.2 - Drop patch accepted upstream * Sat Mar 8 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 2.1.0-5 - Move user/group creation logic to sysusers.d fragment * Sun Jan 19 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 2.1.0-4 - Fix compilation with GCC 15 * Thu Oct 31 2024 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 2.1.0-3 - Rebuild for gsoap 2.8.135 (Fedora 42) - Add additional ghost files to package (rpmlint) * Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ yarnpkg-1.22.22-7.el8 (FEDORA-EPEL-2025-7f793012aa) Fast, reliable, and secure dependency management. -------------------------------------------------------------------------------- Update Information: Sync with rawhide. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 28 2025 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.22-7 - Fix CVE-2024-12905 * Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.22.22-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Tue Oct 15 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.22-5 - Update bundled ws (CVE-2024-37890) * Thu Oct 10 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.22-4 - Update bundled elliptic (CVE-2024-48949) * Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.22.22-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Thu Jul 4 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.22-2 - Backport patch for CVE-2024-4067 * Sat Mar 9 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.22-1 - Update to 1.22.22 * Mon Feb 19 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.21-2 - Backport patches for CVE-2022-37599, CVE-2023-26136, CVE-2023-46234 * Fri Feb 16 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.21-1 - Update to 1.22.21 * Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.22.19-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sat Jul 22 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.22.19-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Wed May 3 2023 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.19-6 - Rebuild (nodejs20) * Tue Mar 21 2023 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.19-5 - Add patch for CVE-2022-38900, proper fixes for CVE-2021-43138, CVE-2022-3517, CVE-2020-7677 * Sat Jan 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.22.19-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Wed Jan 11 2023 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.19-3 - Add patches for CVE-2021-43138, CVE-2022-3517, CVE-2020-7677 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2317786 - CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2317786 [ 2 ] Bug #2355665 - CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2355665 -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
