The following Fedora EPEL 9 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-ff88bfea14 exim-4.98.2-1.el9 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-03946aa814 yarnpkg-1.22.22-7.el9 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-0aeac9995d upx-5.0.0-1.el9 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-3ea9a27f9b perl-Data-Entropy-0.008-1.el9 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-80a466f7f5 zabbix7.0-7.0.11-1.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing chromium-135.0.7049.52-2.el9 koji-image-builder-3-1.el9 rust-b3sum-1.8.1-1.el9 rust-blake3-1.8.1-1.el9 Details about builds: ================================================================================ chromium-135.0.7049.52-2.el9 (FEDORA-EPEL-2025-eb7e3d90f5) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: Update to 135.0.7049.52 High CVE-2025-3066: Use after free in Navigations Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs Medium CVE-2025-3068: Inappropriate implementation in Intents Medium CVE-2025-3069: Inappropriate implementation in Extensions Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions Low CVE-2025-3071: Inappropriate implementation in Navigations Low CVE-2025-3072: Inappropriate implementation in Custom Tabs Low CVE-2025-3073: Inappropriate implementation in Autofill Low CVE-2025-3074: Inappropriate implementation in Downloads -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2025 Jan Grulich <jgrulich@xxxxxxxxxx> - 135.0.7049.52-2 - Add CFI suppressions for inline PipeWire functions * Tue Apr 1 2025 Than Ngo <than@xxxxxxxxxx> - 135.0.7049.52-1 - Update to 135.0.7049.52 * Fri Mar 28 2025 Than Ngo <than@xxxxxxxxxx> - 135.0.7049.41-1 - Update to 135.0.7049.41 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2356787 - CVE-2025-3066 chromium: Use after free in Navigations [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2356787 [ 2 ] Bug #2356788 - CVE-2025-3066 chromium: Use after free in Navigations [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2356788 [ 3 ] Bug #2356789 - CVE-2025-3068 chromium: Inappropriate implementation in Intents [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2356789 [ 4 ] Bug #2356790 - CVE-2025-3068 chromium: Inappropriate implementation in Intents [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2356790 [ 5 ] Bug #2356792 - CVE-2025-3072 chromium: Inappropriate implementation in Custom Tabs [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2356792 [ 6 ] Bug #2356793 - CVE-2025-3072 chromium: Inappropriate implementation in Custom Tabs [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2356793 [ 7 ] Bug #2356794 - CVE-2025-3073 chromium: Inappropriate implementation in Autofill [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2356794 [ 8 ] Bug #2356795 - CVE-2025-3073 chromium: Inappropriate implementation in Autofill [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2356795 [ 9 ] Bug #2356796 - CVE-2025-3070 chromium: Insufficient validation of untrusted input in Extensions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2356796 [ 10 ] Bug #2356797 - CVE-2025-3070 chromium: Insufficient validation of untrusted input in Extensions [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2356797 [ 11 ] Bug #2356798 - CVE-2025-3069 chromium: Inappropriate implementation in Extensions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2356798 [ 12 ] Bug #2356799 - CVE-2025-3069 chromium: Inappropriate implementation in Extensions [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2356799 [ 13 ] Bug #2356800 - CVE-2025-3071 chromium: Inappropriate implementation in Navigations [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2356800 [ 14 ] Bug #2356801 - CVE-2025-3071 chromium: Inappropriate implementation in Navigations [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2356801 -------------------------------------------------------------------------------- ================================================================================ koji-image-builder-3-1.el9 (FEDORA-EPEL-2025-9a8573433f) Koji integration plugins for image-builder -------------------------------------------------------------------------------- Update Information: Automatic update for koji-image-builder-3-1.el9. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2025 Packit <hello@xxxxxxxxxx> - 3-1 Changes with 3 ---------------- â?? Somewhere on the Internet, 2025-04-03 * Mon Mar 17 2025 Simon de Vlieger <supakeen@xxxxxxxxxx> - 1-1 - On this day, this project was born. -------------------------------------------------------------------------------- ================================================================================ rust-b3sum-1.8.1-1.el9 (FEDORA-EPEL-2025-c6457ac09c) Command line implementation of the BLAKE3 hash function -------------------------------------------------------------------------------- Update Information: As of b3sum 1.7.0, added b3sum --tag, which changes the output format. This is for compatibility with GNU checksum tools (which use the same flag) and BSD checksum tools (which use the output format this flag turns on). The blake3 crate now provides the blake3::hazmat module, which replaces the undocumented and now deprecated blake3::guts module. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2025 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.8.1-1 - Update to 1.8.1 (close RHBZ#2353226) * Thu Apr 3 2025 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.7.0-1 - Update to 1.7.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2353226 - rust-b3sum-1.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2353226 [ 2 ] Bug #2353227 - rust-blake3-1.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2353227 -------------------------------------------------------------------------------- ================================================================================ rust-blake3-1.8.1-1.el9 (FEDORA-EPEL-2025-c6457ac09c) BLAKE3 hash function -------------------------------------------------------------------------------- Update Information: As of b3sum 1.7.0, added b3sum --tag, which changes the output format. This is for compatibility with GNU checksum tools (which use the same flag) and BSD checksum tools (which use the output format this flag turns on). The blake3 crate now provides the blake3::hazmat module, which replaces the undocumented and now deprecated blake3::guts module. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2025 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.8.1-1 - Update to version 1.8.1; fixes RHBZ#2353227 * Thu Apr 3 2025 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.7.0-1 - Update to version 1.7.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2353226 - rust-b3sum-1.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2353226 [ 2 ] Bug #2353227 - rust-blake3-1.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2353227 --------------------------------------------------------------------------------
-- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
