The following Fedora EPEL 10.1 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-864aaee34a podman-tui-1.4.0-1.el10_1 The following builds have been pushed to Fedora EPEL 10.1 updates-testing cabextract-1.11-7.el10_1 chromium-134.0.6998.35-1.el10_1 gsi-openssh-9.9p1-2.el10_1 pdftk-java-3.3.3-8.el10_1 perl-LockFile-Simple-0.208-33.el10_1 python-tox-current-env-0.0.15-1.el10_1 rust-cargo_metadata-0.19.2-1.el10_1 rust-dissimilar-1.0.10-1.el10_1 Details about builds: ================================================================================ cabextract-1.11-7.el10_1 (FEDORA-EPEL-2025-366c2fdd19) Utility for extracting cabinet (.cab) archives -------------------------------------------------------------------------------- Update Information: cabextract is a program which can extract files from cabinet (.cab) archives. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 16 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.11-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Thu Jul 25 2024 Miroslav Suchý <msuchy@xxxxxxxxxx> - 1.11-6 - convert license to SPDX * Wed Jul 17 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.11-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Tue Jan 23 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.11-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.11-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jan 18 2024 Stewart Smith <trawets@xxxxxxxxxx> - 1.11-2 - Run upstream test suite during build * Fri Jun 9 2023 Michal Srb <michal@xxxxxxxxxx> - 1.11-1 - Update to 1.11 (#2167193) * Wed Jan 18 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.9.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ chromium-134.0.6998.35-1.el10_1 (FEDORA-EPEL-2025-2ac21d5aa2) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: Update to 134.0.6998.35 * CVE-2025-1914: Out of bounds read in V8 * CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools * CVE-2025-1916: Use after free in Profiles * CVE-2025-1917: Inappropriate Implementation in Browser UI * CVE-2025-1918: Out of bounds read in PDFium * CVE-2025-1919: Out of bounds read in Media * CVE-2025-1921: Inappropriate Implementation in Media Stream * CVE-2025-1922: Inappropriate Implementation in Selection * CVE-2025-1923: Inappropriate Implementation in Permission Prompts -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 5 2025 Than Ngo <than@xxxxxxxxxx> - 134.0.6998.35 -1 - Update to 134.0.6998.35 * CVE-2025-1914: Out of bounds read in V8 * CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools * CVE-2025-1916: Use after free in Profiles * CVE-2025-1917: Inappropriate Implementation in Browser UI * CVE-2025-1918: Out of bounds read in PDFium * CVE-2025-1919: Out of bounds read in Media * CVE-2025-1921: Inappropriate Implementation in Media Stream * CVE-2025-1922: Inappropriate Implementation in Selection * CVE-2025-1923: Inappropriate Implementation in Permission Prompts * Wed Feb 26 2025 Than Ngo <than@xxxxxxxxxx> - 133.0.6943.141-1 - Update to 133.0.6943.141 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2349973 - CVE-2025-1914 chromium: From CVEorg collector [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2349973 [ 2 ] Bug #2349974 - CVE-2025-1914 chromium: From CVEorg collector [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2349974 [ 3 ] Bug #2350032 - CVE-2025-1921 chromium: Inappropriate implementation in Media Stream [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2350032 [ 4 ] Bug #2350033 - CVE-2025-1921 chromium: Inappropriate implementation in Media Stream [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2350033 [ 5 ] Bug #2350034 - CVE-2025-1918 chromium: Out of bounds read in PDFium [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2350034 [ 6 ] Bug #2350035 - CVE-2025-1918 chromium: Out of bounds read in PDFium [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2350035 [ 7 ] Bug #2350036 - CVE-2025-1923 chromium: Inappropriate implementation in Permission Prompts [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2350036 [ 8 ] Bug #2350037 - CVE-2025-1916 chromium: Use after free in Profiles [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2350037 [ 9 ] Bug #2350038 - CVE-2025-1923 chromium: Inappropriate implementation in Permission Prompts [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2350038 [ 10 ] Bug #2350039 - CVE-2025-1916 chromium: Use after free in Profiles [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2350039 [ 11 ] Bug #2350040 - CVE-2025-1915 chromium: Improper Limitation of a Pathname [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2350040 [ 12 ] Bug #2350041 - CVE-2025-1919 chromium: Out of bounds read in Media [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2350041 [ 13 ] Bug #2350042 - CVE-2025-1915 chromium: Improper Limitation of a Pathname [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2350042 [ 14 ] Bug #2350043 - CVE-2025-1919 chromium: Out of bounds read in Media [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2350043 -------------------------------------------------------------------------------- ================================================================================ gsi-openssh-9.9p1-2.el10_1 (FEDORA-EPEL-2025-fdeb2a1c91) An implementation of the SSH protocol with GSI authentication -------------------------------------------------------------------------------- Update Information: gsissh for EPEL 10. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 5 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.9p1-2 - Based on openssh-9.9p1-5.el10.1 * Mon Jan 20 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.9p1-1 - Based on openssh-9.9p1-5.fc42 / openssh-9.9p1-1.fc41 * Fri Jan 17 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 9.8p1-2.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Wed Oct 2 2024 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.8p1-2 - Based on openssh-9.8p1-4.fc42 * Fri Sep 27 2024 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.8p1-1 - Based on openssh-9.8p1-3.fc41.1 * Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 9.6p1-3.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Fri Jul 12 2024 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.6p1-3 - Add scp and hpnscp symlinks in gsisshd's path * Sat Jul 6 2024 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.6p1-2 - Based on openssh-9.6p1-1.fc41.13 * Sat Jul 6 2024 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.6p1-1 - Based on openssh-9.6p1-1.fc40.4 * Wed Jan 24 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 9.3p1-7.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sat Jan 20 2024 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.3p1-7 - Based on openssh-9.3p1-13.fc40.1 * Sat Jan 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 9.3p1-6.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Tue Oct 24 2023 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.3p1-6 - Based on openssh-9.3p1-13.fc40 - Drop patch openssh-8.0p1-sshbuf-readonly.patch (now included in openssh-8.0p1-gssapi-keyex.patch) * Tue Oct 17 2023 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.3p1-5 - Based on openssh-9.3p1-12.fc40 * Tue Oct 17 2023 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.3p1-4 - Based on openssh-9.3p1-9.fc39 * Fri Aug 11 2023 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.3p1-3 - Based on openssh-9.3p1-8.fc39 * Sun Jul 23 2023 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.3p1-2 - Based on openssh-9.3p1-5.fc39.1 * Wed Jul 19 2023 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.3p1-1 - Based on openssh-9.3p1-3.fc39 - Fix keyex patch * Sun Apr 16 2023 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.0p1-6 - Based on openssh-9.0p1-17.fc39 * Wed Apr 12 2023 Florian Weimer <fweimer@xxxxxxxxxx> - 9.0p1-5.1 - C99 compatiblity fixes * Sat Mar 11 2023 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 9.0p1-5 - Based on openssh-9.0p1-12.fc38 -------------------------------------------------------------------------------- ================================================================================ pdftk-java-3.3.3-8.el10_1 (FEDORA-EPEL-2025-ef4175a6ca) GCJ-free toolkit for manipulating PDF documents -------------------------------------------------------------------------------- Update Information: If PDF is electronic paper, then pdftk-java is an electronic staple-remover, hole-punch, binder, secret-decoder-ring, and X-Ray-glasses. PDFtk is a simple tool for doing everyday things with PDF documents: Merge PDF documents, split PDF pages into a new document, decrypt input as necessary (password required), encrypt output as desired, burst a PDF document into single pages, report on PDF metrics, including metadata and bookmarks, uncompress and re-compress page streams, and repair corrupted PDF (where possible). Pdftk-java is a port of the original GCJ-based PDFtk to Java. The GNU Compiler for Java (GCJ) is a portable, optimizing, ahead-of-time compiler for the Java programming language, which had no new developments since 2009 and was finally removed in 2016 from the GCC development tree before the release of GCC 7. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 17 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.3.3-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.3.3-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Tue Feb 27 2024 Jiri Vanek <jvanek@xxxxxxxxxx> - 3.3.3-6 - Rebuilt for java-21-openjdk as system jdk * Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.3.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.3.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.3.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.3.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ perl-LockFile-Simple-0.208-33.el10_1 (FEDORA-EPEL-2025-697e2ef66f) Simple file locking scheme -------------------------------------------------------------------------------- Update Information: This is the first EPEL-10 build of perl-Lockfile-Simple -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 6 2025 Paul Howarth <paul@xxxxxxxxxxxx> - 0.208-33 - Use %{make_build} and %{make_install} * Sat Jan 18 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.208-32 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Fri Jul 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.208-31 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.208-30 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.208-29 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.208-28 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2344464 - Please provide EPEL10 package https://bugzilla.redhat.com/show_bug.cgi?id=2344464 -------------------------------------------------------------------------------- ================================================================================ python-tox-current-env-0.0.15-1.el10_1 (FEDORA-EPEL-2025-fe0a20dcef) Tox plugin to run tests in current Python environment -------------------------------------------------------------------------------- Update Information: Fix undesired intereference with other tox plugins, such as tox-uv. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 5 2025 Packit <hello@xxxxxxxxxx> - 0.0.15-1 - Update to 0.0.15 upstream release - Resolves: rhbz#2349945 * Sat Jan 18 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.0.14-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Tue Oct 29 2024 Miro HronÄ?ok <miro@xxxxxxxxxx> - 0.0.14-1 - Update to 0.0.14 - Introduces --print-dependency-groups-to (PEP 735) -------------------------------------------------------------------------------- ================================================================================ rust-cargo_metadata-0.19.2-1.el10_1 (FEDORA-EPEL-2025-060b94734b) Structured access to the output of cargo metadata -------------------------------------------------------------------------------- Update Information: Update to version 0.19.2. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 5 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.19.2-1 - Update to version 0.19.2; Fixes RHBZ#2349269 -------------------------------------------------------------------------------- ================================================================================ rust-dissimilar-1.0.10-1.el10_1 (FEDORA-EPEL-2025-59183615a2) Diff library with semantic cleanup, based on Google's diff-match-patch -------------------------------------------------------------------------------- Update Information: Update to version 1.0.10. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 5 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.0.10-1 - Update to version 1.0.10; Fixes RHBZ#2349686 * Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --------------------------------------------------------------------------------
-- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
