The following Fedora EPEL 9 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-75d8605b8c stb-0^20241002git31707d1-4.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing distribution-gpg-keys-1.107-1.el9 kiwi-stackbuild-plugin-1.0.10-1.el9 lest-1.35.2-2.el9 opendbx-1.4.6-38.el9 optional-lite-3.6.0-2.el9 pam-u2f-1.3.1-1.el9 root-6.34.02-3.el9 vaultwarden-1.32.7-2.el9 Details about builds: ================================================================================ distribution-gpg-keys-1.107-1.el9 (FEDORA-EPEL-2025-6e3e716be9) GPG keys of various Linux distributions -------------------------------------------------------------------------------- Update Information: Automatic update for distribution-gpg-keys-1.107-1.el9. Changelog for distribution-gpg-keys * Wed Jan 15 2025 Miroslav Suchý <msuchy@xxxxxxxxxx> 1.107-1 - Add Fedora 44 key - Update Mageia gpg key -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 15 2025 Miroslav Suchý <msuchy@xxxxxxxxxx> 1.107-1 - Add Fedora 44 key - Update Mageia gpg key -------------------------------------------------------------------------------- ================================================================================ kiwi-stackbuild-plugin-1.0.10-1.el9 (FEDORA-EPEL-2025-acca7b8f9f) KIWI - Stack Build Plugin -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 15 2024 Neal Gompa <ngompa@xxxxxxxxxxxxxxxxx> - 1.0.10-1 - Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #2326479 - Review Request: kiwi-stackbuild-plugin - KIWI - Stack Build Plugin https://bugzilla.redhat.com/show_bug.cgi?id=2326479 -------------------------------------------------------------------------------- ================================================================================ lest-1.35.2-2.el9 (FEDORA-EPEL-2025-7b4cacd42e) Tiny C++11 test framework -------------------------------------------------------------------------------- Update Information: Initial package for lest and optional-lite. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 8 2025 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.35.2-2 - Backport to EPEL8/9 (no %conf section support) * Wed Jan 8 2025 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.35.2-1 - Initial package (close RHBZ#2335942) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2335942 - Review Request: lest - Tiny C++11 test framework https://bugzilla.redhat.com/show_bug.cgi?id=2335942 [ 2 ] Bug #2336142 - Review Request: optional-lite - Represent optional (nullable) objects and pass them by value https://bugzilla.redhat.com/show_bug.cgi?id=2336142 -------------------------------------------------------------------------------- ================================================================================ opendbx-1.4.6-38.el9 (FEDORA-EPEL-2025-3ec8e745e6) Lightweight but extensible database access library written in C -------------------------------------------------------------------------------- Update Information: Fix FTBFS -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 15 2025 Jonathan Wright <jonathan@xxxxxxxxxxxxx> - 1.4.6-38 - Fix FTBFS - Modernize spec * Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.4.6-37 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.4.6-36 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.4.6-35 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.4.6-34 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Feb 21 2023 Florian Weimer <fweimer@xxxxxxxxxx> - 1.4.6-33 - Port to C99 - Run autoreconf during build, due to configure.ac change. * Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.4.6-32 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2261420 - opendbx: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261420 [ 2 ] Bug #2301010 - opendbx: FTBFS in Fedora rawhide/f41 https://bugzilla.redhat.com/show_bug.cgi?id=2301010 -------------------------------------------------------------------------------- ================================================================================ optional-lite-3.6.0-2.el9 (FEDORA-EPEL-2025-7b4cacd42e) Represent optional (nullable) objects and pass them by value -------------------------------------------------------------------------------- Update Information: Initial package for lest and optional-lite. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 15 2025 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 3.6.0-2 - Backport to EPEL8/9 * Tue Jan 14 2025 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 3.6.0-1 - Initial package (close RHBZ#2336142) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2335942 - Review Request: lest - Tiny C++11 test framework https://bugzilla.redhat.com/show_bug.cgi?id=2335942 [ 2 ] Bug #2336142 - Review Request: optional-lite - Represent optional (nullable) objects and pass them by value https://bugzilla.redhat.com/show_bug.cgi?id=2336142 -------------------------------------------------------------------------------- ================================================================================ pam-u2f-1.3.1-1.el9 (FEDORA-EPEL-2025-b1223174a4) Implements PAM authentication over U2F -------------------------------------------------------------------------------- Update Information: pam-u2f fix to resolve CVE-2025-23013 (Partial Authentication Bypass). CVSS score 7.3 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2025 Gary Buhrmaster <gary.buhrmaster@xxxxxxxxx> - 1.3.1-1 - Update to 1.3.1 - resolves rhbz#2337634 * Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Mon Oct 30 2023 Gary Buhrmaster <gary.buhrmaster@xxxxxxxxx> - 1.3.0-3 - Perform deglobing of files per packaging guidelines * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2338113 - CVE-2025-23013 pam-u2f: Partial Authentication Bypass in pam-u2f Software Package [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2338113 -------------------------------------------------------------------------------- ================================================================================ root-6.34.02-3.el9 (FEDORA-EPEL-2025-aa5db6866a) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information: Minor fixes. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 15 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 6.34.02-3 - Don't add dependencies on root-roofit-multiprocess and root-roofit-zmq to root-roofit-core for EPEL builds * Sun Jan 12 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 6.34.02-2 - Adjust stressGraphics.ref - Build for EPEL 10 - Disable the R interface for EPEL 10 (R not yet abailable) - Enable uring support for EPEL 9 (supported in kernel since RHEL 9.3) -------------------------------------------------------------------------------- ================================================================================ vaultwarden-1.32.7-2.el9 (FEDORA-EPEL-2025-90c1787ffb) Unofficial Bitwarden compatible server -------------------------------------------------------------------------------- Update Information: Update to 1.32.7 Fix CVE-2024-56335 Fix CVE-2024-55226 Fix CVE-2024-55225 Fix CVE-2024-55224 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 15 2025 Jonathan Wright <jonathan@xxxxxxxxxxxxx> - 1.32.7-2 - fix build on el9 with rust 1.79 * Fri Jan 3 2025 Jonathan Wright <jonathan@xxxxxxxxxxxxx> - 1.32.7-1 - update to 1.32.7 rhbz#2322181 - Fix CVE-2024-56335 * Tue Oct 22 2024 Jonathan Wright <jonathan@xxxxxxxxxxxxx> - 1.32.2-1 - update to 1.32.2 rhbz#2316657 * Sun Aug 11 2024 Jonathan Wright <jonathan@xxxxxxxxxxxxx> - 1.32.0-1 - update to 1.32.0 rhbz#2304045 Resolves CVE-2024-39924 Resolves CVE-2024-39925 Resolves CVE-2024-39926 * Fri Aug 2 2024 Jonathan Wright <jonathan@xxxxxxxxxxxxx> - 1.31.0-2 - Exclude s390x and ppc64le * Fri Jul 19 2024 Jonathan Wright <jonathan@xxxxxxxxxxxxx> - 1.31.0-1 - update to 1.31.0 rhbz#2297149 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2333595 - CVE-2024-56335 vaultwarden: Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2333595 [ 2 ] Bug #2336825 - CVE-2024-55226 vaultwarden: uthenticated reflected XSS vulnerability [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2336825 [ 3 ] Bug #2336829 - CVE-2024-55225 vaultwarden: user spoofing via crafted authorization request [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2336829 [ 4 ] Bug #2336833 - CVE-2024-55224 vaultwarden: arbitrary code execution via injecting a crafted payload into the username field of an e-mail message [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2336833 --------------------------------------------------------------------------------
-- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
