The following Fedora EPEL 9 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-75d8605b8c   stb-0^20241002git31707d1-4.el9
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-90c1787ffb   vaultwarden-1.32.7-2.el9


The following builds have been pushed to Fedora EPEL 9 updates-testing

    baresip-3.19.0-1.el9
    chromium-132.0.6834.83-1.el9
    distribution-gpg-keys-1.107-1.el9
    ipv6calc-4.2.2-1.el9
    k2hash-1.0.97-1.el9
    libre-3.19.0-1.el9
    minisign-0.12-1.el9
    mock-core-configs-42.1-1.el9
    pam-u2f-1.3.2-1.el9
    rust-libz-ng-sys-1.1.21-1.el9

Details about builds:


================================================================================
 baresip-3.19.0-1.el9 (FEDORA-EPEL-2025-e349f6243b)
 Modular SIP user-agent with audio and video support
--------------------------------------------------------------------------------
Update Information:

Baresip v3.19.0 (2025-01-15)
ua: hide credentials in CREATE event
menu: add scode and reason arguments to hangup command
ua prevent double call accept
bevent: fix encode bevent without display name
ua: fix logging copy paste mistake
misc: Static code analysis fixes
menu/dynamic_menu: add argument to mute command
ci,misc: add clang-analyze and fix warnings
audio: use au_calc_nsamp() with au_ prefix
ci: add selftest to build
ci/fedora: synchronize packages with spec file from Fedora 42
copyright: happy new year 2025
debian: replace with CPack DEB generator
config: use designated initializers
menu/static_menu: fix hangup SEGV
cmake: update min requirement and use range
video: initialize vidframe properly
ci/coverage: use ubuntu-22.04
vidinfo: avoid use of floating numbers
in_band_dtmf: avoid floating point in calculation
test: call - print info if call bundle test fails

libre v3.19.0 (2025-01-15)
fmt: fix pl trim methods and add tests
sipsess: add sipsess_msg getter function
rtp/sess: fix missing srate_tx locking
rtcp: use rtcp_rtpfb_gnack_encode() function
net/linux: add net_netlink_addrs
tcp,udp: set TOS (TCLASS) for IPv6 sockets
sys/fs: fix fs_fopen return null check
test: remove mock tcp-server (unused)
rtp: remove rtcp_psfb_sli_encode() (unused)
ci/clang: bump clang-18 and use ubuntu 24.04
net/linux/addrs: fix point-to-point peer address bug
ci/coverage: bump min_cov
ci/sanitizers: bump clang and ubuntu
net/linux/addrs: fix netlink kernel warnings
rem: add au_ prefix to calc_nsamp()
rem/vidconv: add vidconv_center and x and y source offsets
test: add testcode for rem au-module
mem: remove peak from memstat
debian: replace with CPack DEB Generator
copyright: happy new year 2025
test/vidconv: remove static struct test
net/linux/addrs: use list instead of fixed array for interface up
test: optional IPv6 for tcp/udp tos test
cmake: update min requirement and use range
rem/vid/frame: fix vidframe init
atomic: fix compilation for C++ and Windows-ARM64
test: add test for C++ applications
ci: use ubuntu-22.04 were needed
cmake: enable compiler warnings for C only
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 16 2025 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.19.0-1
- Upgrade to 3.19.0 (#2338145)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2338145 - baresip-3.19.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2338145
  [ 2 ] Bug #2338170 - libre-3.19.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2338170
--------------------------------------------------------------------------------


================================================================================
 chromium-132.0.6834.83-1.el9 (FEDORA-EPEL-2025-a5fa82b9fd)
 A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:

Update to 132.0.6834.83
* High CVE-2025-0434: Out of bounds memory access in V8
* High CVE-2025-0435: Inappropriate implementation in Navigation
* High CVE-2025-0436: Integer overflow in Skia
* High CVE-2025-0437: Out of bounds read in Metrics
* High CVE-2025-0438: Stack buffer overflow in Tracing
* Medium CVE-2025-0439: Race in Frames
* Medium CVE-2025-0440: Inappropriate implementation in Fullscreen
* Medium CVE-2025-0441: Inappropriate implementation in Fenced
* Medium CVE-2025-0442: Inappropriate implementation in Payments
* Medium CVE-2025-0443: Insufficient data validation in Extensions
* Low CVE-2025-0446: Inappropriate implementation in Extensions
* Low CVE-2025-0447: Inappropriate implementation in Navigation
* Low CVE-2025-0448: Inappropriate implementation in Compositing
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 15 2025 Than Ngo <than@xxxxxxxxxx> - 132.0.6834.83-1
- Update to 132.0.6834.83
  * High CVE-2025-0434: Out of bounds memory access in V8
  * High CVE-2025-0435: Inappropriate implementation in Navigation
  * High CVE-2025-0436: Integer overflow in Skia
  * High CVE-2025-0437: Out of bounds read in Metrics
  * High CVE-2025-0438: Stack buffer overflow in Tracing
  * Medium CVE-2025-0439: Race in Frames
  * Medium CVE-2025-0440: Inappropriate implementation in Fullscreen
  * Medium CVE-2025-0441: Inappropriate implementation in Fenced
  * Medium CVE-2025-0442: Inappropriate implementation in Payments
  * Medium CVE-2025-0443: Insufficient data validation in Extensions
  * Low CVE-2025-0446: Inappropriate implementation in Extensions
  * Low CVE-2025-0447: Inappropriate implementation in Navigation
  * Low CVE-2025-0448: Inappropriate implementation in Compositing
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2336836 - CVE-2025-0291 chromium: Type Confusion in V8 [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2336836
  [ 2 ] Bug #2336837 - CVE-2025-0291 chromium: Type Confusion in V8 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2336837
  [ 3 ] Bug #2338180 - CVE-2025-0437 chromium: Out of bounds read in Metrics [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2338180
  [ 4 ] Bug #2338181 - CVE-2025-0437 chromium: Out of bounds read in Metrics [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2338181
  [ 5 ] Bug #2338200 - CVE-2025-0438 chromium: Stack buffer overflow in Tracing [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2338200
  [ 6 ] Bug #2338218 - CVE-2025-0434 chromium: Out of bounds memory access in V8 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2338218
  [ 7 ] Bug #2338230 - CVE-2025-0436 chromium: From CVEorg collector [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2338230
  [ 8 ] Bug #2338231 - CVE-2025-0436 chromium: From CVEorg collector [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2338231
--------------------------------------------------------------------------------


================================================================================
 distribution-gpg-keys-1.107-1.el9 (FEDORA-EPEL-2025-6e3e716be9)
 GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:

mock
https://rpm-software-management.github.io/mock/Release-Notes-Configs-42.1

distribution-gpg-keys
new Fedora 43 key
Update Mageia gpg key
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 15 2025 Miroslav Suchý <msuchy@xxxxxxxxxx> 1.107-1
- Add Fedora 44 key
- Update Mageia gpg key
--------------------------------------------------------------------------------


================================================================================
 ipv6calc-4.2.2-1.el9 (FEDORA-EPEL-2025-9993dabfe7)
 IPv6 address format change and calculation utility
--------------------------------------------------------------------------------
Update Information:

include databases/registries/lisp/site-db as no longer reachable for download
add additional Perl requirements
Final release 4.2.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2025 Peter Bieringer <pb@xxxxxxxxxxxx> - 4.2.2-1
- include databases/registries/lisp/site-db as no longer reachable for download
- add additional Perl requirements
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2338122 - ipv6calc-4.2.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2338122
--------------------------------------------------------------------------------


================================================================================
 k2hash-1.0.97-1.el9 (FEDORA-EPEL-2025-7ad2ab54a3)
 NoSQL Key Value Store(KVS) tools and library
--------------------------------------------------------------------------------
Update Information:

Initial import (fedora#2330726).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 20 2024 Hirotaka Wakabayashi <hiwkby@xxxxxxxxx> - 1.0.97-1
- Initial import (fedora#2330726).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2330726 - Review Request: k2hash - NoSQL Key Value Store(KVS) tools and library
        https://bugzilla.redhat.com/show_bug.cgi?id=2330726
--------------------------------------------------------------------------------


================================================================================
 libre-3.19.0-1.el9 (FEDORA-EPEL-2025-e349f6243b)
 Generic library for real-time communications
--------------------------------------------------------------------------------
Update Information:

Baresip v3.19.0 (2025-01-15)
ua: hide credentials in CREATE event
menu: add scode and reason arguments to hangup command
ua prevent double call accept
bevent: fix encode bevent without display name
ua: fix logging copy paste mistake
misc: Static code analysis fixes
menu/dynamic_menu: add argument to mute command
ci,misc: add clang-analyze and fix warnings
audio: use au_calc_nsamp() with au_ prefix
ci: add selftest to build
ci/fedora: synchronize packages with spec file from Fedora 42
copyright: happy new year 2025
debian: replace with CPack DEB generator
config: use designated initializers
menu/static_menu: fix hangup SEGV
cmake: update min requirement and use range
video: initialize vidframe properly
ci/coverage: use ubuntu-22.04
vidinfo: avoid use of floating numbers
in_band_dtmf: avoid floating point in calculation
test: call - print info if call bundle test fails

libre v3.19.0 (2025-01-15)
fmt: fix pl trim methods and add tests
sipsess: add sipsess_msg getter function
rtp/sess: fix missing srate_tx locking
rtcp: use rtcp_rtpfb_gnack_encode() function
net/linux: add net_netlink_addrs
tcp,udp: set TOS (TCLASS) for IPv6 sockets
sys/fs: fix fs_fopen return null check
test: remove mock tcp-server (unused)
rtp: remove rtcp_psfb_sli_encode() (unused)
ci/clang: bump clang-18 and use ubuntu 24.04
net/linux/addrs: fix point-to-point peer address bug
ci/coverage: bump min_cov
ci/sanitizers: bump clang and ubuntu
net/linux/addrs: fix netlink kernel warnings
rem: add au_ prefix to calc_nsamp()
rem/vidconv: add vidconv_center and x and y source offsets
test: add testcode for rem au-module
mem: remove peak from memstat
debian: replace with CPack DEB Generator
copyright: happy new year 2025
test/vidconv: remove static struct test
net/linux/addrs: use list instead of fixed array for interface up
test: optional IPv6 for tcp/udp tos test
cmake: update min requirement and use range
rem/vid/frame: fix vidframe init
atomic: fix compilation for C++ and Windows-ARM64
test: add test for C++ applications
ci: use ubuntu-22.04 were needed
cmake: enable compiler warnings for C only
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 16 2025 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.19.0-1
- Upgrade to 3.19.0 (#2338170)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2338145 - baresip-3.19.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2338145
  [ 2 ] Bug #2338170 - libre-3.19.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2338170
--------------------------------------------------------------------------------


================================================================================
 minisign-0.12-1.el9 (FEDORA-EPEL-2025-e00659d555)
 A dead simple tool to sign files and verify digital signatures
--------------------------------------------------------------------------------
Update Information:

update to 0.12
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 16 2025 François Kooman <fkooman@xxxxxxxxx> - 0.12-1
- update to 0.12
* Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.11-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.11-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.11-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Oct  5 2023 Remi Collet <remi@xxxxxxxxxxxx> - 0.11-5
- rebuild for new libsodium
* Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2338382 - minisign-0.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2338382
--------------------------------------------------------------------------------


================================================================================
 mock-core-configs-42.1-1.el9 (FEDORA-EPEL-2025-6e3e716be9)
 Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:

mock
https://rpm-software-management.github.io/mock/Release-Notes-Configs-42.1

distribution-gpg-keys
new Fedora 43 key
Update Mageia gpg key
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 16 2025 Pavel Raiskup <praiskup@xxxxxxxxxx> 42.1-1
- branch fedora-42 configs, move rawhide to releasever=43
--------------------------------------------------------------------------------


================================================================================
 pam-u2f-1.3.2-1.el9 (FEDORA-EPEL-2025-e177aa0ddf)
 Implements PAM authentication over U2F
--------------------------------------------------------------------------------
Update Information:

pam-u2f 1.3.1 includes a fix to resolve CVE-2025-23013 (Partial Authentication
Bypass). CVSS score 7.3. 1.3.2 is a fix for a regression that could impact
existing use cases.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 16 2025 Gary Buhrmaster <gary.buhrmaster@xxxxxxxxx> - 1.3.2-1
- Update to 1.3.2
- resolves rhbz#2338418
  1.3.2 fixes a potentially breaking issue with tightened
  authfile checking with 1.3.1
* Tue Jan 14 2025 Gary Buhrmaster <gary.buhrmaster@xxxxxxxxx> - 1.3.1-1
- Update to 1.3.1
- resolves rhbz#2337634
* Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Oct 30 2023 Gary Buhrmaster <gary.buhrmaster@xxxxxxxxx> - 1.3.0-3
- Perform deglobing of files per packaging guidelines
* Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2338113 - CVE-2025-23013 pam-u2f: Partial Authentication Bypass in pam-u2f Software Package [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2338113
--------------------------------------------------------------------------------


================================================================================
 rust-libz-ng-sys-1.1.21-1.el9 (FEDORA-EPEL-2025-823fdc8ce3)
 Low-level bindings to zlib-ng
--------------------------------------------------------------------------------
Update Information:

Update to 1.1.21 (no significant changes since we use the system zlib-ng)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 16 2025 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.1.21-1
- Update to 1.1.21 (close RHBZ#2336137)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2336137 - rust-libz-ng-sys-1.1.21 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2336137
--------------------------------------------------------------------------------