The following Fedora EPEL 9 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5c25fd8e2d roundcubemail-1.5.10-1.el9 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-1994b4dec7 seamonkey-2.53.21-1.el9 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-f9b95079ea yarnpkg-1.22.22-8.el9 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-66a01bfb0d valkey-8.0.3-3.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing objfw-1.3.2-1.el9 python-django4.2-4.2.22-1.el9 xrootd-s3-http-0.4.1-2.el9 Details about builds: ================================================================================ objfw-1.3.2-1.el9 (FEDORA-EPEL-2025-102942d0f2) Portable, lightweight framework for the Objective-C language -------------------------------------------------------------------------------- Update Information: Update to 1.3.2 Update to 1.3.1 -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 8 2025 Jonathan Schleifer <js@xxxxxxxxxxxxxxxxx> - 1.3.2-1 - Update to 1.3.2 * Sat Jun 7 2025 Jonathan Schleifer <js@xxxxxxxxxxxxxxxxx> - 1.3.1-1 - Update to 1.3.1 -------------------------------------------------------------------------------- ================================================================================ python-django4.2-4.2.22-1.el9 (FEDORA-EPEL-2025-ead5908650) A high-level Python Web framework -------------------------------------------------------------------------------- Update Information: Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags() Fixes CVE-2025-48432: Potential log injection via unescaped request path -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 8 2025 Michel Lind <salimma@xxxxxxxxxxxxxxxxx> - 4.2.22-1 - Update to version 4.2.22 - Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags() - Fixes CVE-2025-48432: Potential log injection via unescaped request path - Revert pyproject conversion; we don't need it and don't have the needed version - Rebase Python 3.13 patch -------------------------------------------------------------------------------- References: [ 1 ] Bug #2365041 - CVE-2025-32873 python-django4.2: Django StripTags Denial of Service [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2365041 -------------------------------------------------------------------------------- ================================================================================ xrootd-s3-http-0.4.1-2.el9 (FEDORA-EPEL-2025-359e7a1dd4) S3/HTTP filesystem plugins for XRootD -------------------------------------------------------------------------------- Update Information: xrootd S3 http 0.4.1 -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 8 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 0.4.1-2 - Fix broken glob filter * Sat Jun 7 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 0.4.1-1 - Update to version 0.4.1 * Sun Mar 9 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 0.2.1-2 - Add -DLIB_INSTALL_DIR to cmake command -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
