The following Fedora EPEL 9 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-938ea797ca checkpointctl-1.4.0-2.el9 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-0c4d46b03e civetweb-1.16-9.el9 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-4eaf593998 chromium-140.0.7339.80-1.el9 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e35c40aadd linenoise-1.0-3.20200312git97d2850.el9 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-305ac41026 libopenmpt-0.8.3-1.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing lemonldap-ng-2.21.3-1.el9 perl-Cpanel-JSON-XS-4.40-1.el9 ruby-build-20250908-1.el9 rust-blazesym-0.2.0~rc.0-4.el9 voms-api-java-3.3.6-2.el9 Details about builds: ================================================================================ lemonldap-ng-2.21.3-1.el9 (FEDORA-EPEL-2025-b73f867b3a) Web Single Sign On (SSO) and Access Management -------------------------------------------------------------------------------- Update Information: See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-3-is-out/ -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 5 2025 Clement Oudot <clem.oudot@xxxxxxxxx> - 2.21.3-1 - Update to 2.21.3 * Thu Jul 24 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.21.2-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ perl-Cpanel-JSON-XS-4.40-1.el9 (FEDORA-EPEL-2025-73b3fd3fe3) JSON::XS for Cpanel, fast and correct serializing -------------------------------------------------------------------------------- Update Information: This update is the latest upstream release of the Cpanel::JSON::XS module, bringing many bug fixes and enhancements since the original EPEL package release. Amongst the bug fixes is one to fix an integer overflow issue that could be triggered by a specially-crafted JSON input, which could lead to a crash in the program parsing the JSON (CVE-2025-40929). -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 9 2025 Paul Howarth <paul@xxxxxxxxxxxx> - 4.40-1 - Update to 4.40 - Fix overflow with overlong numbers, fuzzing only (CVE-2025-40929) - Detect more malformed numbers, with two decimal points - Pin Github actions to latest @v via pinact run -u * Fri Jul 25 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.39-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Tue Jul 8 2025 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.39-4 - Perl 5.42 re-rebuild of bootstrapped packages * Mon Jul 7 2025 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.39-3 - Perl 5.42 rebuild * Sat Jan 18 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.39-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Fri Dec 13 2024 Paul Howarth <paul@xxxxxxxxxxxx> - 4.39-1 - Update to 4.39 - Fix Windows -Dusequadmath (GH#229, GH#235) - Fix inconsistent behavior between decoding escaped and unescaped surrogates, and escaped non-characters vs. non-escaped non-characters; now aligned to JSON::PP (GH#227, GH#233) - Add type_all_string tests (GH#236) - Silence UV to char cast warnings (GH#232) - Fix MSVC preprocessor errors (GH#232) - Fix -Wformat warnings on Windows (GH#228) - Clarify BigInt decoding (GH#226) - Drop EL-7 support - Use %{make_build} and %{make_install} * Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.38-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Wed Jun 12 2024 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.38-3 - Perl 5.40 re-rebuild of bootstrapped packages * Tue Jun 11 2024 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.38-2 - Perl 5.40 rebuild * Tue May 28 2024 Paul Howarth <paul@xxxxxxxxxxxx> - 4.38-1 - Update to 4.38 - Encode real core booleans as boolean notation (GH#224) - Minor test fixes - Fix docs typo (GH#225) * Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.37-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.37-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2393915 - CVE-2025-40929 perl-Cpanel-JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2393915 -------------------------------------------------------------------------------- ================================================================================ ruby-build-20250908-1.el9 (FEDORA-EPEL-2025-962a215b7e) Compile and install Ruby -------------------------------------------------------------------------------- Update Information: Update to 20250908 -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 8 2025 Packit <hello@xxxxxxxxxx> - 20250908-1 - Update to 20250908 upstream release - Resolves: rhbz#2393922 -------------------------------------------------------------------------------- ================================================================================ rust-blazesym-0.2.0~rc.0-4.el9 (FEDORA-EPEL-2025-d4638b8340) Library for address symbolization and related tasks -------------------------------------------------------------------------------- Update Information: Bump miniz_oxide dependency from 0.7 to 0.8 to avoid pulling in obsolete and unmaintained dependencies. -------------------------------------------------------------------------------- ChangeLog: * Sun Sep 7 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.2.0~rc.0-4 - Bump miniz_oxide dependency from 0.7 to 0.8 * Fri Jul 25 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.2.0~rc.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.2.0~rc.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ voms-api-java-3.3.6-2.el9 (FEDORA-EPEL-2025-e8b652c45e) Virtual Organization Membership Service Java API -------------------------------------------------------------------------------- Update Information: Enable tests in package build. -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 8 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 3.3.6-2 - Include upstream's scripts for generating test certificates - Enable tests again -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
