epel-devel June 2026

epel-devel@lists.fedoraproject.org

8 participants
51 discussions

Fedora EPEL 8 updates-testing report
by updates＠fedoraproject.org 12 Jun '26

12 Jun '26

The following Fedora EPEL 8 Security updates need testing: Age URL 204 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5b2095e2c2 xpdf-4.06-1.el8 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-6821fe2971 apptainer-1.5.1-1.el8 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-ad8e45665d openslide-3.4.1-20.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-fb9a9ab1e9 ImageMagick-6.9.13.49-1.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-80fc55f890 bird-3.3.1-1.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-fe2027915d perl-GD-2.86-1.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-57ae132e32 singularity-ce-4.4.2-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing atril-1.26.4-1.el8 coturn-4.12.0-2.el8 mock-core-configs-44.3-1.el8 perl-Config-IniFiles-3.001000-1.el8 Details about builds: ================================================================================ atril-1.26.4-1.el8 (FEDORA-EPEL-2026-c0bb6674c7) Document viewer -------------------------------------------------------------------------------- Update Information: atril 1.26.4 epub: use g_strndup for parsing document path epub: validate epub content before parsing atril 1.26.3 epub: Avoid crash when index list has extraneous entry fix a incompatible pointer type warning for gcc14 Fix build with libxml2 2.12 fix memleak pdf: Always use poppler_document_save to avoid data loss ev-application: Quote user-supplied strings in ev_spawn command line -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Robert Scheck <robert(a)fedoraproject.org> - 1.26.4-1 - update to 1.26.4 (#2260373, #2487669) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2260373 - CVE-2023-52076 atril: Path traversal in Atril can lead to arbitrary file write and possible arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=2260373 [ 2 ] Bug #2487669 - CVE-2026-46529 atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen https://bugzilla.redhat.com/show_bug.cgi?id=2487669 -------------------------------------------------------------------------------- ================================================================================ coturn-4.12.0-2.el8 (FEDORA-EPEL-2026-5e77c1ee5f) TURN/STUN & ICE Server -------------------------------------------------------------------------------- Update Information: Ensure that systemctl reload coturn also reloads TLS certificate -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Robert Scheck <robert(a)fedoraproject.org> - 4.12.0-2 - Ensure that 'systemctl reload coturn' also reloads TLS certificate -------------------------------------------------------------------------------- ================================================================================ mock-core-configs-44.3-1.el8 (FEDORA-EPEL-2026-e82bbd5597) Mock core config files basic chroots -------------------------------------------------------------------------------- Update Information: https://rpm-software-management.github.io/mock/Release-Notes-Configs-44.3 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Pavel Raiskup <pavel(a)raiskup.cz> 44.3-1 - the fedora-release-eln renamed to fedora-eln-release - Add config for Fedora 44 version of RISC-V port (marcin(a)juszkiewicz.com.pl) - set bootstrap_image_ready=True for AlmaLinux configs (andrew.lukoshko(a)gmail.com) - re-enable bootstrap images for x86_64_v2 AlmaLinux configs (andrew.lukoshko(a)gmail.com) - remove dependency on python3-dnf (msuchy(a)redhat.com) -------------------------------------------------------------------------------- ================================================================================ perl-Config-IniFiles-3.001000-1.el8 (FEDORA-EPEL-2026-5617bbdfc0) A module for reading .ini-style configuration files -------------------------------------------------------------------------------- Update Information: Update to 3.001000, fixes CVE-2026-11527 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Xavier Bachelot <xavier(a)bachelot.org> - 3.001000-1 - Update to 3.001000 (RHBZ#2487822) - Fixes CVE-2026-11527 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sat Jan 18 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Mon Aug 5 2024 Miroslav Suchý <msuchy(a)redhat.com> - 3.000003-15 - convert license to SPDX * Thu Jul 18 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Thu Jan 25 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Tue May 31 2022 Jitka Plesnikova <jplesnik(a)redhat.com> - 3.000003-8 - Perl 5.36 rebuild * Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Fri May 21 2021 Jitka Plesnikova <jplesnik(a)redhat.com> - 3.000003-5 - Perl 5.34 rebuild * Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jun 23 2020 Jitka Plesnikova <jplesnik(a)redhat.com> - 3.000003-2 - Perl 5.32 rebuild * Wed Mar 25 2020 Tom Callaway <spot(a)fedoraproject.org> - 3.000003-1 - update to 3.000003 * Thu Mar 19 2020 Petr Pisar <ppisar(a)redhat.com> - 3.000002-5 - Build-require blib for the tests * Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000002-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild --------------------------------------------------------------------------------

1 0

Fedora EPEL 9 updates-testing report
by updates＠fedoraproject.org 12 Jun '26

12 Jun '26

The following Fedora EPEL 9 Security updates need testing: Age URL 204 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9a55de96db xpdf-4.06-1.el9 50 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-e794b68cc6 nuclei-3.8.0-1.el9 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-b18955a7ae chezmoi-2.70.5-1.el9 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-5497484804 composer-2.10.1-1.el9 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-78c9d246b0 apptainer-1.5.1-1.el9 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-4d0b588a17 python-django4.2-4.2.30-2.el9 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-ec3d774387 openslide-3.4.1-20.el9 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-204e38b37f python-ujson-5.8.0-5.el9 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-2d971fc3b0 ImageMagick-6.9.13.49-1.el9 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-af4408a35e bird-3.3.1-1.el9 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-dc3d293a5d perl-GD-2.86-1.el9 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-d9f99fbd40 singularity-ce-4.4.2-1.el9 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-dd9886a057 restic-0.19.0-1.el9 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-8112fc6e20 php-pecl-mongodb-1.20.1-2.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing atril-1.26.4-1.el9 chromium-149.0.7827.102-1.el9 coturn-4.12.0-2.el9 gh-2.94.0-1.el9 glab-1.102.0-1.el9 lesspipe-2.27-1.el9 mock-core-configs-44.3-1.el9 perl-Config-IniFiles-3.001000-1.el9 rust-axum-0.8.9-1.el9 rust-axum-macros-0.5.1-1.el9 rust-curl-sys-0.4.89-1.el9 rust-getset-0.1.7-1.el9 rust-opener-0.8.5-1.el9 rust-semver-1.0.28-1.el9 rust-tokio-tungstenite-0.29.0-1.el9 rust-tungstenite-0.29.0-1.el9 Details about builds: ================================================================================ atril-1.26.4-1.el9 (FEDORA-EPEL-2026-abc540be8b) Document viewer -------------------------------------------------------------------------------- Update Information: atril 1.26.4 epub: use g_strndup for parsing document path epub: validate epub content before parsing atril 1.26.3 epub: Avoid crash when index list has extraneous entry fix a incompatible pointer type warning for gcc14 Fix build with libxml2 2.12 fix memleak pdf: Always use poppler_document_save to avoid data loss ev-application: Quote user-supplied strings in ev_spawn command line -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Robert Scheck <robert(a)fedoraproject.org> - 1.26.4-1 - update to 1.26.4 (#2260373, #2487669) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2260373 - CVE-2023-52076 atril: Path traversal in Atril can lead to arbitrary file write and possible arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=2260373 [ 2 ] Bug #2487669 - CVE-2026-46529 atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen https://bugzilla.redhat.com/show_bug.cgi?id=2487669 -------------------------------------------------------------------------------- ================================================================================ chromium-149.0.7827.102-1.el9 (FEDORA-EPEL-2026-0cafc6e293) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: Update to 149.0.7827.102 CVE-2026-11628: Use after free in Ozone CVE-2026-11629: Use after free in Ozone CVE-2026-11630: Use after free in File Input CVE-2026-11631: Use after free in Aura CVE-2026-11632: Use after free in TabStrip CVE-2026-11633: Use after free in Bluetooth CVE-2026-11634: Use after free in Gamepad CVE-2026-11635: Use after free in Bluetooth CVE-2026-11636: Use after free in Autofill CVE-2026-11637: Use after free in Views CVE-2026-11638: Use after free in Printing CVE-2026-11639: Use after free in Compositing CVE-2026-11640: Integer overflow in libyuv CVE-2026-11641: Use after free in Bluetooth CVE-2026-11642: Use after free in Web Apps CVE-2026-11643: Use after free in Proxy CVE-2026-11644: Use after free in Views CVE-2026-11645: Out of bounds memory access in V8 CVE-2026-11646: Use after free in ViewTransitions CVE-2026-11647: Use after free in Printing CVE-2026-11648: Use after free in FullScreen CVE-2026-11649: Use after free in V8 CVE-2026-11650: Use after free in V8 CVE-2026-11651: Use after free in Network CVE-2026-11652: Use after free in Extensions CVE-2026-11653: Insufficient validation of untrusted input in Extensions CVE-2026-11654: Use after free in CameraCapture CVE-2026-11655: Integer overflow in Media CVE-2026-11656: Use after free in ServiceWorker CVE-2026-11657: Use after free in Payments CVE-2026-11658: Insufficient validation of untrusted input in Extensions CVE-2026-11659: Insufficient validation of untrusted input in UI CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page CVE-2026-11661: Use after free in Views CVE-2026-11662: Type Confusion in Bindings CVE-2026-11663: Use after free in Skia CVE-2026-11664: Use after free in Payments CVE-2026-11665: Out of bounds read in Dawn CVE-2026-11666: Insufficient validation of untrusted input in Input CVE-2026-11667: Out of bounds read in WebRTC CVE-2026-11668: Uninitialized Use in Codecs CVE-2026-11669: Integer overflow in Media CVE-2026-11670: Use after free in PDF CVE-2026-11671: Use after free in Navigation CVE-2026-11672: Out of bounds write in GPU CVE-2026-11673: Use after free in InterestGroups CVE-2026-11674: Use after free in Guest View CVE-2026-11675: Insufficient validation of untrusted input in Skia CVE-2026-11676: Insufficient validation of untrusted input in Dawn CVE-2026-11677: Race in Network CVE-2026-11678: Integer overflow in libyuv CVE-2026-11679: Use after free in Codecs CVE-2026-11680: Use after free in Media CVE-2026-11681: Use after free in Ozone CVE-2026-11682: Insufficient validation of untrusted input in Views CVE-2026-11683: Use after free in WebCodecs CVE-2026-11684: Insufficient policy enforcement in Network CVE-2026-11685: Insufficient data validation in MediaCapture CVE-2026-11686: Insufficient validation of untrusted input in Dawn CVE-2026-11687: Use after free in Dawn CVE-2026-11688: Object lifecycle issue in SVG CVE-2026-11689: Insufficient validation of untrusted input in Passwords CVE-2026-11690: Out of bounds read and write in Media CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page CVE-2026-11692: Use after free in Read Anything CVE-2026-11693: Inappropriate implementation in Plugins CVE-2026-11694: Use after free in ServiceWorker CVE-2026-11695: Inappropriate implementation in Passwords CVE-2026-11696: Uninitialized Use in Video CVE-2026-11697: Insufficient validation of untrusted input in UI CVE-2026-11698: Use after free in Bluetooth CVE-2026-11699: Use after free in Bluetooth CVE-2026-11700: Use after free in Tracing CVE-2026-11701: Insufficient validation of untrusted input in Guest View -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Than Ngo <than(a)redhat.com> - 149.0.7827.102-1 - Update to 149.0.7827.102 * CVE-2026-11628: Use after free in Ozone * CVE-2026-11629: Use after free in Ozone * CVE-2026-11630: Use after free in File Input * CVE-2026-11631: Use after free in Aura * CVE-2026-11632: Use after free in TabStrip * CVE-2026-11633: Use after free in Bluetooth * CVE-2026-11634: Use after free in Gamepad * CVE-2026-11635: Use after free in Bluetooth * CVE-2026-11636: Use after free in Autofill * CVE-2026-11637: Use after free in Views * CVE-2026-11638: Use after free in Printing * CVE-2026-11639: Use after free in Compositing * CVE-2026-11640: Integer overflow in libyuv * CVE-2026-11641: Use after free in Bluetooth * CVE-2026-11642: Use after free in Web Apps * CVE-2026-11643: Use after free in Proxy * CVE-2026-11644: Use after free in Views * CVE-2026-11645: Out of bounds memory access in V8 * CVE-2026-11646: Use after free in ViewTransitions * CVE-2026-11647: Use after free in Printing * CVE-2026-11648: Use after free in FullScreen * CVE-2026-11649: Use after free in V8 * CVE-2026-11650: Use after free in V8 * CVE-2026-11651: Use after free in Network * CVE-2026-11652: Use after free in Extensions * CVE-2026-11653: Insufficient validation of untrusted input in Extensions * CVE-2026-11654: Use after free in CameraCapture * CVE-2026-11655: Integer overflow in Media * CVE-2026-11656: Use after free in ServiceWorker * CVE-2026-11657: Use after free in Payments * CVE-2026-11658: Insufficient validation of untrusted input in Extensions * CVE-2026-11659: Insufficient validation of untrusted input in UI * CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page * CVE-2026-11661: Use after free in Views * CVE-2026-11662: Type Confusion in Bindings * CVE-2026-11663: Use after free in Skia * CVE-2026-11664: Use after free in Payments * CVE-2026-11665: Out of bounds read in Dawn * CVE-2026-11666: Insufficient validation of untrusted input in Input * CVE-2026-11667: Out of bounds read in WebRTC * CVE-2026-11668: Uninitialized Use in Codecs * CVE-2026-11669: Integer overflow in Media * CVE-2026-11670: Use after free in PDF * CVE-2026-11671: Use after free in Navigation * CVE-2026-11672: Out of bounds write in GPU * CVE-2026-11673: Use after free in InterestGroups * CVE-2026-11674: Use after free in Guest View * CVE-2026-11675: Insufficient validation of untrusted input in Skia * CVE-2026-11676: Insufficient validation of untrusted input in Dawn * CVE-2026-11677: Race in Network * CVE-2026-11678: Integer overflow in libyuv * CVE-2026-11679: Use after free in Codecs * CVE-2026-11680: Use after free in Media * CVE-2026-11681: Use after free in Ozone * CVE-2026-11682: Insufficient validation of untrusted input in Views * CVE-2026-11683: Use after free in WebCodecs * CVE-2026-11684: Insufficient policy enforcement in Network * CVE-2026-11685: Insufficient data validation in MediaCapture * CVE-2026-11686: Insufficient validation of untrusted input in Dawn * CVE-2026-11687: Use after free in Dawn * CVE-2026-11688: Object lifecycle issue in SVG * CVE-2026-11689: Insufficient validation of untrusted input in Passwords * CVE-2026-11690: Out of bounds read and write in Media * CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page * CVE-2026-11692: Use after free in Read Anything * CVE-2026-11693: Inappropriate implementation in Plugins * CVE-2026-11694: Use after free in ServiceWorker * CVE-2026-11695: Inappropriate implementation in Passwords * CVE-2026-11696: Uninitialized Use in Video * CVE-2026-11697: Insufficient validation of untrusted input in UI * CVE-2026-11698: Use after free in Bluetooth * CVE-2026-11699: Use after free in Bluetooth * CVE-2026-11700: Use after free in Tracing * CVE-2026-11701: Insufficient validation of untrusted input in Guest View - Refresh ppc64le patches -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486043 - CVE-2026-10881 CVE-2026-10882 CVE-2026-10883 CVE-2026-10884 CVE-2026-10885 CVE-2026-10886 CVE-2026-10887 CVE-2026-10888 CVE-2026-10889 CVE-2026-10890 CVE-2026-10891 CVE-2026-10892 CVE-2026-10893 CVE-2026-10894 ... chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486043 [ 2 ] Bug #2487619 - CVE-2026-11628 CVE-2026-11629 CVE-2026-11630 CVE-2026-11631 CVE-2026-11632 CVE-2026-11633 CVE-2026-11634 CVE-2026-11635 CVE-2026-11636 CVE-2026-11637 CVE-2026-11638 CVE-2026-11639 CVE-2026-11640 CVE-2026-11641 ... chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487619 -------------------------------------------------------------------------------- ================================================================================ coturn-4.12.0-2.el9 (FEDORA-EPEL-2026-5b677b7836) TURN/STUN & ICE Server -------------------------------------------------------------------------------- Update Information: Ensure that systemctl reload coturn also reloads TLS certificate -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Robert Scheck <robert(a)fedoraproject.org> - 4.12.0-2 - Ensure that 'systemctl reload coturn' also reloads TLS certificate -------------------------------------------------------------------------------- ================================================================================ gh-2.94.0-1.el9 (FEDORA-EPEL-2026-d274f8045b) GitHub's official command line tool -------------------------------------------------------------------------------- Update Information: Update to 2.94.0 Update to 2.93.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Packit <hello(a)packit.dev> - 2.94.0-1 - Update to 2.94.0 upstream release - Resolves: rhbz#2487830 * Thu May 28 2026 Maxwell G <maxwell(a)gtmx.me> - 2.93.0-1 - Update to 2.93.0. Fixes rhbz#2482337. * Mon May 4 2026 Maxwell G <maxwell(a)gtmx.me> - 2.92.0-1 - Update to 2.92.0. Fixes rhbz#2451741. * Fri Apr 24 2026 Maxwell G <maxwell(a)gtmx.me> - 2.91.0-3 - Make telemetry sending opt in * Fri Apr 24 2026 Maxwell G <maxwell(a)gtmx.me> - 2.91.0-1 - Update to 2.91.0. Fixes rhbz#2451741. * Thu Mar 12 2026 Packit <hello(a)packit.dev> - 2.88.1-1 - Update to 2.88.1 upstream release - Resolves: rhbz#2446304 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2483740 - CVE-2026-45803 gh: GitHub CLI: Arbitrary command execution via terminal escape sequence injection in workflow logs [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2483740 [ 2 ] Bug #2486202 - CVE-2026-45287 gh: OpenTelemetry-Go: Denial of Service due to file descriptor leak [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486202 -------------------------------------------------------------------------------- ================================================================================ glab-1.102.0-1.el9 (FEDORA-EPEL-2026-b944c23b93) A GitLab CLI tool bringing GitLab to your command line -------------------------------------------------------------------------------- Update Information: Initial build of glab for EL9 -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 5 2026 Packit <hello(a)packit.dev> - 1.102.0-1 - Update to 1.102.0 upstream release - Resolves: rhbz#2476559 * Fri May 8 2026 Packit <hello(a)packit.dev> - 1.95.0-1 - Update to 1.95.0 upstream release - Resolves: rhbz#2467246 * Fri Apr 10 2026 Packit <hello(a)packit.dev> - 1.92.1-1 - Update to 1.92.1 upstream release - Resolves: rhbz#2457079 * Wed Apr 1 2026 Packit <hello(a)packit.dev> - 1.91.0-1 - Update to 1.91.0 upstream release - Resolves: rhbz#2453971 * Mon Mar 23 2026 Packit <hello(a)packit.dev> - 1.90.0-1 - Update to 1.90.0 upstream release - Resolves: rhbz#2450398 * Thu Mar 5 2026 Packit <hello(a)packit.dev> - 1.89.0-1 - Update to 1.89.0 upstream release - Resolves: rhbz#2444915 * Wed Mar 4 2026 Packit <hello(a)packit.dev> - 1.88.0-1 - Update to 1.88.0 upstream release - Resolves: rhbz#2443918 * Wed Feb 18 2026 Packit <hello(a)packit.dev> - 1.86.0-1 - Update to 1.86.0 upstream release - Resolves: rhbz#2440787 * Tue Feb 17 2026 Packit <hello(a)packit.dev> - 1.85.3-1 - Update to 1.85.3 upstream release - Resolves: rhbz#2440422 * Sun Feb 15 2026 Packit <hello(a)packit.dev> - 1.85.2-1 - Update to 1.85.2 upstream release - Resolves: rhbz#2435193 * Mon Feb 2 2026 Maxwell G <maxwell(a)gtmx.me> - 1.81.0-2 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 * Wed Jan 21 2026 Packit <hello(a)packit.dev> - 1.81.0-1 - Update to 1.81.0 upstream release - Resolves: rhbz#2431524 * Fri Jan 16 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.80.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Thu Dec 18 2025 Packit <hello(a)packit.dev> - 1.80.4-1 - Update to 1.80.4 upstream release - Resolves: rhbz#2423434 * Wed Dec 17 2025 Packit <hello(a)packit.dev> - 1.80.0-1 - Update to 1.80.0 upstream release - Resolves: rhbz#2416474 * Wed Nov 12 2025 Packit <hello(a)packit.dev> - 1.77.0-1 - Update to 1.77.0 upstream release - Resolves: rhbz#2414317 * Wed Nov 5 2025 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 1.76.2-1 - Update to 1.76.2 - Closes rhbz#2395480 * Fri Oct 10 2025 Alejandro Sáez <asm(a)redhat.com> - 1.68.0-2 - rebuild * Tue Sep 9 2025 Packit <hello(a)packit.dev> - 1.68.0-1 - Update to 1.68.0 upstream release - Resolves: rhbz#2393375 * Tue Sep 9 2025 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 1.67.0-5 - Integrate Packit with Go Vendor Tools * Fri Aug 15 2025 Maxwell G <maxwell(a)gtmx.me> - 1.67.0-4 - Rebuild for golang-1.25.0 * Fri Aug 15 2025 Maxwell G <maxwell(a)gtmx.me> - 1.67.0-3 - Revert "Rebuild for golang-1.25.0" * Fri Aug 15 2025 Maxwell G <maxwell(a)gtmx.me> - 1.67.0-2 - Rebuild for golang-1.25.0 * Thu Aug 14 2025 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 1.67.0-1 - Update to 1.167.0 - Closes rhbz#2388496 * Wed Aug 13 2025 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 1.66.0-2 - Fix missing license file * Wed Aug 13 2025 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 1.66.0-1 - Update to 1.66.0 - Closes rhbz#2333063 * Wed Jul 23 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.61.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Tue Jul 8 2025 Maxwell G <maxwell(a)gtmx.me> - 1.61.0-1 - Update to 1.61.0. Use vendored deps. * Thu Jan 16 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.50.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Thu Nov 28 2024 Packit <hello(a)packit.dev> - 1.50.0-1 - Update to 1.50.0 upstream release - Resolves: rhbz#2329351 * Fri Nov 15 2024 Packit <hello(a)packit.dev> - 1.49.0-1 - Update to 1.49.0 upstream release - Resolves: rhbz#2326391 * Thu Oct 17 2024 Packit <hello(a)packit.dev> - 1.48.0-1 - Update to 1.48.0 upstream release - Resolves: rhbz#2319407 * Wed Oct 2 2024 Packit <hello(a)packit.dev> - 1.47.0-1 - Update to 1.47.0 upstream release - Resolves: rhbz#2316205 * Tue Sep 10 2024 Packit <hello(a)packit.dev> - 1.46.1-1 - Update to 1.46.1 upstream release - Resolves: rhbz#2309743 * Wed Jul 31 2024 Packit <hello(a)packit.dev> - 1.45.0-1 - Update to 1.45.0 upstream release - Resolves: rhbz#2299322 * Thu Jul 18 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.42.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Fri Jul 12 2024 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 1.42.0-1 - Update to 1.42.0 - Closes rhbz#2277027 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2458881 - Please branch and build glab in epel9 https://bugzilla.redhat.com/show_bug.cgi?id=2458881 -------------------------------------------------------------------------------- ================================================================================ lesspipe-2.27-1.el9 (FEDORA-EPEL-2026-cd2933ae05) Input filter for less to better display files -------------------------------------------------------------------------------- Update Information: version 2.27 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Andreas Haupt <andreas.haupt(a)desy.de> - 2.27-1 - version 2.27 * Sun Jun 7 2026 Andreas Haupt <andreas.haupt(a)desy.de> - 2.26-1 - version 2.26 * Fri May 15 2026 Andreas Haupt <andreas.haupt(a)desy.de> - 2.25-2 - sources for 2.25 * Tue May 12 2026 Andreas Haupt <andreas.haupt(a)desy.de> - 2.25-1 - version 2.25 * Tue May 12 2026 Andreas Haupt <andreas.haupt(a)desy.de> - 2.24-4 - finish lesspipe-vimcolor obsoleteness -------------------------------------------------------------------------------- ================================================================================ mock-core-configs-44.3-1.el9 (FEDORA-EPEL-2026-1cb7ef091e) Mock core config files basic chroots -------------------------------------------------------------------------------- Update Information: https://rpm-software-management.github.io/mock/Release-Notes-Configs-44.3 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Pavel Raiskup <pavel(a)raiskup.cz> 44.3-1 - the fedora-release-eln renamed to fedora-eln-release - Add config for Fedora 44 version of RISC-V port (marcin(a)juszkiewicz.com.pl) - set bootstrap_image_ready=True for AlmaLinux configs (andrew.lukoshko(a)gmail.com) - re-enable bootstrap images for x86_64_v2 AlmaLinux configs (andrew.lukoshko(a)gmail.com) - remove dependency on python3-dnf (msuchy(a)redhat.com) -------------------------------------------------------------------------------- ================================================================================ perl-Config-IniFiles-3.001000-1.el9 (FEDORA-EPEL-2026-525901a90e) A module for reading .ini-style configuration files -------------------------------------------------------------------------------- Update Information: Update to 3.001000, fixes CVE-2026-11527 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Xavier Bachelot <xavier(a)bachelot.org> - 3.001000-1 - Update to 3.001000 (RHBZ#2487822) - Fixes CVE-2026-11527 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sat Jan 18 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Mon Aug 5 2024 Miroslav Suchý <msuchy(a)redhat.com> - 3.000003-15 - convert license to SPDX * Thu Jul 18 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-axum-0.8.9-1.el9 (FEDORA-EPEL-2026-4f2f421d6d) HTTP routing and request handling library -------------------------------------------------------------------------------- Update Information: Update the axum crate to version 0.8.9. Update the axum-macros crate to version 0.5.1. Update the tokio-tungstenite crate to version 0.29.0. Update the tungstenite crate to version 0.29.0. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.8.9-1 - Update to version 0.8.9; Fixes RHBZ#2458161 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-axum-macros-0.5.1-1.el9 (FEDORA-EPEL-2026-4f2f421d6d) Macros for axum -------------------------------------------------------------------------------- Update Information: Update the axum crate to version 0.8.9. Update the axum-macros crate to version 0.5.1. Update the tokio-tungstenite crate to version 0.29.0. Update the tungstenite crate to version 0.29.0. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.5.1-1 - Update to version 0.5.1; Fixes RHBZ#2458160 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-curl-sys-0.4.89-1.el9 (FEDORA-EPEL-2026-834f50dd8a) Native bindings to the libcurl library -------------------------------------------------------------------------------- Update Information: Update to version 0.4.89. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.4.89-1 - Update to version 0.4.89+curl-8.20.0; Fixes RHBZ#2453027 -------------------------------------------------------------------------------- ================================================================================ rust-getset-0.1.7-1.el9 (FEDORA-EPEL-2026-625fc7b04e) Procedural macro for generating the most basic getters and setters on fields -------------------------------------------------------------------------------- Update Information: Update to version 0.1.7. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.1.7-1 - Update to version 0.1.7; Fixes RHBZ#2487829 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-opener-0.8.5-1.el9 (FEDORA-EPEL-2026-eaedae0ab0) Open a file or link using the system default program -------------------------------------------------------------------------------- Update Information: Update to version 0.8.5. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.8.5-1 - Update to version 0.8.5; Fixes RHBZ#2487842 -------------------------------------------------------------------------------- ================================================================================ rust-semver-1.0.28-1.el9 (FEDORA-EPEL-2026-a6449f9dc5) Parser and evaluator for Cargo's flavor of Semantic Versioning -------------------------------------------------------------------------------- Update Information: Update to version 1.0.28. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.28-1 - Update to version 1.0.28; Fixes RHBZ#2455028 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.27-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-tokio-tungstenite-0.29.0-1.el9 (FEDORA-EPEL-2026-4f2f421d6d) Tokio binding for Tungstenite -------------------------------------------------------------------------------- Update Information: Update the axum crate to version 0.8.9. Update the axum-macros crate to version 0.5.1. Update the tokio-tungstenite crate to version 0.29.0. Update the tungstenite crate to version 0.29.0. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.29.0-1 - Update to version 0.29.0; Fixes RHBZ#2448377 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.28.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-tungstenite-0.29.0-1.el9 (FEDORA-EPEL-2026-4f2f421d6d) Lightweight stream-based WebSocket implementation -------------------------------------------------------------------------------- Update Information: Update the axum crate to version 0.8.9. Update the axum-macros crate to version 0.5.1. Update the tokio-tungstenite crate to version 0.29.0. Update the tungstenite crate to version 0.29.0. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.29.0-1 - Update to version 0.29.0; Fixes RHBZ#2448378 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.28.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild --------------------------------------------------------------------------------

1 0

Fedora EPEL 10.2 updates-testing report
by updates＠fedoraproject.org 12 Jun '26

12 Jun '26

The following Fedora EPEL 10.2 Security updates need testing: Age URL 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-c185cd6f77 nix-2.31.5-3.el10_2 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-aa1072911c chezmoi-2.70.5-1.el10_2 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-15368435dd composer-2.10.1-1.el10_2 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-5afb48ca9e apptainer-1.5.1-1.el10_2 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-b71f1f4e9b python-python-multipart-0.0.32-1.el10_2 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-64c1cc86c1 dnsdist-2.0.6-1.el10_2 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-02d92ea412 nextcloud-33.0.5-1.el10_2 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-3dfbc6a1df bird-3.3.1-1.el10_2 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-d41d0279ec perl-GD-2.86-1.el10_2 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-82e8b5fef4 singularity-ce-4.4.2-1.el10_2 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-445878b522 restic-0.19.0-1.el10_2 The following builds have been pushed to Fedora EPEL 10.2 updates-testing chromium-149.0.7827.102-1.el10_2 coturn-4.12.0-2.el10_2 gh-2.94.0-1.el10_2 glab-1.102.0-1.el10_2 lesspipe-2.27-1.el10_2 mock-core-configs-44.3-1.el10_2 perl-Config-IniFiles-3.001000-1.el10_2 rust-curl-sys-0.4.89-1.el10_2 rust-semver-1.0.28-1.el10_2 Details about builds: ================================================================================ chromium-149.0.7827.102-1.el10_2 (FEDORA-EPEL-2026-9590d638c8) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: Update to 149.0.7827.102 CVE-2026-11628: Use after free in Ozone CVE-2026-11629: Use after free in Ozone CVE-2026-11630: Use after free in File Input CVE-2026-11631: Use after free in Aura CVE-2026-11632: Use after free in TabStrip CVE-2026-11633: Use after free in Bluetooth CVE-2026-11634: Use after free in Gamepad CVE-2026-11635: Use after free in Bluetooth CVE-2026-11636: Use after free in Autofill CVE-2026-11637: Use after free in Views CVE-2026-11638: Use after free in Printing CVE-2026-11639: Use after free in Compositing CVE-2026-11640: Integer overflow in libyuv CVE-2026-11641: Use after free in Bluetooth CVE-2026-11642: Use after free in Web Apps CVE-2026-11643: Use after free in Proxy CVE-2026-11644: Use after free in Views CVE-2026-11645: Out of bounds memory access in V8 CVE-2026-11646: Use after free in ViewTransitions CVE-2026-11647: Use after free in Printing CVE-2026-11648: Use after free in FullScreen CVE-2026-11649: Use after free in V8 CVE-2026-11650: Use after free in V8 CVE-2026-11651: Use after free in Network CVE-2026-11652: Use after free in Extensions CVE-2026-11653: Insufficient validation of untrusted input in Extensions CVE-2026-11654: Use after free in CameraCapture CVE-2026-11655: Integer overflow in Media CVE-2026-11656: Use after free in ServiceWorker CVE-2026-11657: Use after free in Payments CVE-2026-11658: Insufficient validation of untrusted input in Extensions CVE-2026-11659: Insufficient validation of untrusted input in UI CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page CVE-2026-11661: Use after free in Views CVE-2026-11662: Type Confusion in Bindings CVE-2026-11663: Use after free in Skia CVE-2026-11664: Use after free in Payments CVE-2026-11665: Out of bounds read in Dawn CVE-2026-11666: Insufficient validation of untrusted input in Input CVE-2026-11667: Out of bounds read in WebRTC CVE-2026-11668: Uninitialized Use in Codecs CVE-2026-11669: Integer overflow in Media CVE-2026-11670: Use after free in PDF CVE-2026-11671: Use after free in Navigation CVE-2026-11672: Out of bounds write in GPU CVE-2026-11673: Use after free in InterestGroups CVE-2026-11674: Use after free in Guest View CVE-2026-11675: Insufficient validation of untrusted input in Skia CVE-2026-11676: Insufficient validation of untrusted input in Dawn CVE-2026-11677: Race in Network CVE-2026-11678: Integer overflow in libyuv CVE-2026-11679: Use after free in Codecs CVE-2026-11680: Use after free in Media CVE-2026-11681: Use after free in Ozone CVE-2026-11682: Insufficient validation of untrusted input in Views CVE-2026-11683: Use after free in WebCodecs CVE-2026-11684: Insufficient policy enforcement in Network CVE-2026-11685: Insufficient data validation in MediaCapture CVE-2026-11686: Insufficient validation of untrusted input in Dawn CVE-2026-11687: Use after free in Dawn CVE-2026-11688: Object lifecycle issue in SVG CVE-2026-11689: Insufficient validation of untrusted input in Passwords CVE-2026-11690: Out of bounds read and write in Media CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page CVE-2026-11692: Use after free in Read Anything CVE-2026-11693: Inappropriate implementation in Plugins CVE-2026-11694: Use after free in ServiceWorker CVE-2026-11695: Inappropriate implementation in Passwords CVE-2026-11696: Uninitialized Use in Video CVE-2026-11697: Insufficient validation of untrusted input in UI CVE-2026-11698: Use after free in Bluetooth CVE-2026-11699: Use after free in Bluetooth CVE-2026-11700: Use after free in Tracing CVE-2026-11701: Insufficient validation of untrusted input in Guest View -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Than Ngo <than(a)redhat.com> - 149.0.7827.102-1 - Update to 149.0.7827.102 * CVE-2026-11628: Use after free in Ozone * CVE-2026-11629: Use after free in Ozone * CVE-2026-11630: Use after free in File Input * CVE-2026-11631: Use after free in Aura * CVE-2026-11632: Use after free in TabStrip * CVE-2026-11633: Use after free in Bluetooth * CVE-2026-11634: Use after free in Gamepad * CVE-2026-11635: Use after free in Bluetooth * CVE-2026-11636: Use after free in Autofill * CVE-2026-11637: Use after free in Views * CVE-2026-11638: Use after free in Printing * CVE-2026-11639: Use after free in Compositing * CVE-2026-11640: Integer overflow in libyuv * CVE-2026-11641: Use after free in Bluetooth * CVE-2026-11642: Use after free in Web Apps * CVE-2026-11643: Use after free in Proxy * CVE-2026-11644: Use after free in Views * CVE-2026-11645: Out of bounds memory access in V8 * CVE-2026-11646: Use after free in ViewTransitions * CVE-2026-11647: Use after free in Printing * CVE-2026-11648: Use after free in FullScreen * CVE-2026-11649: Use after free in V8 * CVE-2026-11650: Use after free in V8 * CVE-2026-11651: Use after free in Network * CVE-2026-11652: Use after free in Extensions * CVE-2026-11653: Insufficient validation of untrusted input in Extensions * CVE-2026-11654: Use after free in CameraCapture * CVE-2026-11655: Integer overflow in Media * CVE-2026-11656: Use after free in ServiceWorker * CVE-2026-11657: Use after free in Payments * CVE-2026-11658: Insufficient validation of untrusted input in Extensions * CVE-2026-11659: Insufficient validation of untrusted input in UI * CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page * CVE-2026-11661: Use after free in Views * CVE-2026-11662: Type Confusion in Bindings * CVE-2026-11663: Use after free in Skia * CVE-2026-11664: Use after free in Payments * CVE-2026-11665: Out of bounds read in Dawn * CVE-2026-11666: Insufficient validation of untrusted input in Input * CVE-2026-11667: Out of bounds read in WebRTC * CVE-2026-11668: Uninitialized Use in Codecs * CVE-2026-11669: Integer overflow in Media * CVE-2026-11670: Use after free in PDF * CVE-2026-11671: Use after free in Navigation * CVE-2026-11672: Out of bounds write in GPU * CVE-2026-11673: Use after free in InterestGroups * CVE-2026-11674: Use after free in Guest View * CVE-2026-11675: Insufficient validation of untrusted input in Skia * CVE-2026-11676: Insufficient validation of untrusted input in Dawn * CVE-2026-11677: Race in Network * CVE-2026-11678: Integer overflow in libyuv * CVE-2026-11679: Use after free in Codecs * CVE-2026-11680: Use after free in Media * CVE-2026-11681: Use after free in Ozone * CVE-2026-11682: Insufficient validation of untrusted input in Views * CVE-2026-11683: Use after free in WebCodecs * CVE-2026-11684: Insufficient policy enforcement in Network * CVE-2026-11685: Insufficient data validation in MediaCapture * CVE-2026-11686: Insufficient validation of untrusted input in Dawn * CVE-2026-11687: Use after free in Dawn * CVE-2026-11688: Object lifecycle issue in SVG * CVE-2026-11689: Insufficient validation of untrusted input in Passwords * CVE-2026-11690: Out of bounds read and write in Media * CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page * CVE-2026-11692: Use after free in Read Anything * CVE-2026-11693: Inappropriate implementation in Plugins * CVE-2026-11694: Use after free in ServiceWorker * CVE-2026-11695: Inappropriate implementation in Passwords * CVE-2026-11696: Uninitialized Use in Video * CVE-2026-11697: Insufficient validation of untrusted input in UI * CVE-2026-11698: Use after free in Bluetooth * CVE-2026-11699: Use after free in Bluetooth * CVE-2026-11700: Use after free in Tracing * CVE-2026-11701: Insufficient validation of untrusted input in Guest View - Refresh ppc64le patches -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486043 - CVE-2026-10881 CVE-2026-10882 CVE-2026-10883 CVE-2026-10884 CVE-2026-10885 CVE-2026-10886 CVE-2026-10887 CVE-2026-10888 CVE-2026-10889 CVE-2026-10890 CVE-2026-10891 CVE-2026-10892 CVE-2026-10893 CVE-2026-10894 ... chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486043 [ 2 ] Bug #2487619 - CVE-2026-11628 CVE-2026-11629 CVE-2026-11630 CVE-2026-11631 CVE-2026-11632 CVE-2026-11633 CVE-2026-11634 CVE-2026-11635 CVE-2026-11636 CVE-2026-11637 CVE-2026-11638 CVE-2026-11639 CVE-2026-11640 CVE-2026-11641 ... chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487619 -------------------------------------------------------------------------------- ================================================================================ coturn-4.12.0-2.el10_2 (FEDORA-EPEL-2026-baa6318fd1) TURN/STUN & ICE Server -------------------------------------------------------------------------------- Update Information: Ensure that systemctl reload coturn also reloads TLS certificate -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Robert Scheck <robert(a)fedoraproject.org> - 4.12.0-2 - Ensure that 'systemctl reload coturn' also reloads TLS certificate -------------------------------------------------------------------------------- ================================================================================ gh-2.94.0-1.el10_2 (FEDORA-EPEL-2026-46b506c7c2) GitHub's official command line tool -------------------------------------------------------------------------------- Update Information: Update to 2.94.0 Update to 2.93.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Packit <hello(a)packit.dev> - 2.94.0-1 - Update to 2.94.0 upstream release - Resolves: rhbz#2487830 * Thu May 28 2026 Maxwell G <maxwell(a)gtmx.me> - 2.93.0-1 - Update to 2.93.0. Fixes rhbz#2482337. * Mon May 4 2026 Maxwell G <maxwell(a)gtmx.me> - 2.92.0-1 - Update to 2.92.0. Fixes rhbz#2451741. * Fri Apr 24 2026 Maxwell G <maxwell(a)gtmx.me> - 2.91.0-3 - Make telemetry sending opt in * Fri Apr 24 2026 Maxwell G <maxwell(a)gtmx.me> - 2.91.0-1 - Update to 2.91.0. Fixes rhbz#2451741. * Thu Mar 12 2026 Packit <hello(a)packit.dev> - 2.88.1-1 - Update to 2.88.1 upstream release - Resolves: rhbz#2446304 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2483740 - CVE-2026-45803 gh: GitHub CLI: Arbitrary command execution via terminal escape sequence injection in workflow logs [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2483740 [ 2 ] Bug #2486202 - CVE-2026-45287 gh: OpenTelemetry-Go: Denial of Service due to file descriptor leak [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486202 -------------------------------------------------------------------------------- ================================================================================ glab-1.102.0-1.el10_2 (FEDORA-EPEL-2026-44dcfe848d) A GitLab CLI tool bringing GitLab to your command line -------------------------------------------------------------------------------- Update Information: Update to 1.102.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 5 2026 Packit <hello(a)packit.dev> - 1.102.0-1 - Update to 1.102.0 upstream release - Resolves: rhbz#2476559 * Fri May 8 2026 Packit <hello(a)packit.dev> - 1.95.0-1 - Update to 1.95.0 upstream release - Resolves: rhbz#2467246 * Fri Apr 10 2026 Packit <hello(a)packit.dev> - 1.92.1-1 - Update to 1.92.1 upstream release - Resolves: rhbz#2457079 * Wed Apr 1 2026 Packit <hello(a)packit.dev> - 1.91.0-1 - Update to 1.91.0 upstream release - Resolves: rhbz#2453971 * Mon Mar 23 2026 Packit <hello(a)packit.dev> - 1.90.0-1 - Update to 1.90.0 upstream release - Resolves: rhbz#2450398 * Thu Mar 5 2026 Packit <hello(a)packit.dev> - 1.89.0-1 - Update to 1.89.0 upstream release - Resolves: rhbz#2444915 * Wed Mar 4 2026 Packit <hello(a)packit.dev> - 1.88.0-1 - Update to 1.88.0 upstream release - Resolves: rhbz#2443918 * Wed Feb 18 2026 Packit <hello(a)packit.dev> - 1.86.0-1 - Update to 1.86.0 upstream release - Resolves: rhbz#2440787 * Tue Feb 17 2026 Packit <hello(a)packit.dev> - 1.85.3-1 - Update to 1.85.3 upstream release - Resolves: rhbz#2440422 * Sun Feb 15 2026 Packit <hello(a)packit.dev> - 1.85.2-1 - Update to 1.85.2 upstream release - Resolves: rhbz#2435193 * Mon Feb 2 2026 Maxwell G <maxwell(a)gtmx.me> - 1.81.0-2 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 * Wed Jan 21 2026 Packit <hello(a)packit.dev> - 1.81.0-1 - Update to 1.81.0 upstream release - Resolves: rhbz#2431524 * Fri Jan 16 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.80.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Thu Dec 18 2025 Packit <hello(a)packit.dev> - 1.80.4-1 - Update to 1.80.4 upstream release - Resolves: rhbz#2423434 * Wed Dec 17 2025 Packit <hello(a)packit.dev> - 1.80.0-1 - Update to 1.80.0 upstream release - Resolves: rhbz#2416474 * Wed Nov 12 2025 Packit <hello(a)packit.dev> - 1.77.0-1 - Update to 1.77.0 upstream release - Resolves: rhbz#2414317 * Wed Nov 5 2025 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 1.76.2-1 - Update to 1.76.2 - Closes rhbz#2395480 * Fri Oct 10 2025 Alejandro Sáez <asm(a)redhat.com> - 1.68.0-2 - rebuild * Tue Sep 9 2025 Packit <hello(a)packit.dev> - 1.68.0-1 - Update to 1.68.0 upstream release - Resolves: rhbz#2393375 * Tue Sep 9 2025 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 1.67.0-5 - Integrate Packit with Go Vendor Tools * Fri Aug 15 2025 Maxwell G <maxwell(a)gtmx.me> - 1.67.0-4 - Rebuild for golang-1.25.0 * Fri Aug 15 2025 Maxwell G <maxwell(a)gtmx.me> - 1.67.0-3 - Revert "Rebuild for golang-1.25.0" * Fri Aug 15 2025 Maxwell G <maxwell(a)gtmx.me> - 1.67.0-2 - Rebuild for golang-1.25.0 * Thu Aug 14 2025 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 1.67.0-1 - Update to 1.167.0 - Closes rhbz#2388496 * Wed Aug 13 2025 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 1.66.0-2 - Fix missing license file * Wed Aug 13 2025 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 1.66.0-1 - Update to 1.66.0 - Closes rhbz#2333063 * Wed Jul 23 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.61.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Tue Jul 8 2025 Maxwell G <maxwell(a)gtmx.me> - 1.61.0-1 - Update to 1.61.0. Use vendored deps. * Thu Jan 16 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.50.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Thu Nov 28 2024 Packit <hello(a)packit.dev> - 1.50.0-1 - Update to 1.50.0 upstream release - Resolves: rhbz#2329351 * Fri Nov 15 2024 Packit <hello(a)packit.dev> - 1.49.0-1 - Update to 1.49.0 upstream release - Resolves: rhbz#2326391 * Thu Oct 17 2024 Packit <hello(a)packit.dev> - 1.48.0-1 - Update to 1.48.0 upstream release - Resolves: rhbz#2319407 * Wed Oct 2 2024 Packit <hello(a)packit.dev> - 1.47.0-1 - Update to 1.47.0 upstream release - Resolves: rhbz#2316205 * Tue Sep 10 2024 Packit <hello(a)packit.dev> - 1.46.1-1 - Update to 1.46.1 upstream release - Resolves: rhbz#2309743 * Wed Jul 31 2024 Packit <hello(a)packit.dev> - 1.45.0-1 - Update to 1.45.0 upstream release - Resolves: rhbz#2299322 * Thu Jul 18 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.42.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Fri Jul 12 2024 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 1.42.0-1 - Update to 1.42.0 - Closes rhbz#2277027 -------------------------------------------------------------------------------- ================================================================================ lesspipe-2.27-1.el10_2 (FEDORA-EPEL-2026-b3458e36b7) Input filter for less to better display files -------------------------------------------------------------------------------- Update Information: version 2.27 version 2.26 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Andreas Haupt <andreas.haupt(a)desy.de> - 2.27-1 - version 2.27 * Sun Jun 7 2026 Andreas Haupt <andreas.haupt(a)desy.de> - 2.26-1 - version 2.26 * Fri May 15 2026 Andreas Haupt <andreas.haupt(a)desy.de> - 2.25-2 - sources for 2.25 * Tue May 12 2026 Andreas Haupt <andreas.haupt(a)desy.de> - 2.25-1 - version 2.25 * Tue May 12 2026 Andreas Haupt <andreas.haupt(a)desy.de> - 2.24-4 - finish lesspipe-vimcolor obsoleteness -------------------------------------------------------------------------------- ================================================================================ mock-core-configs-44.3-1.el10_2 (FEDORA-EPEL-2026-fd11f4d413) Mock core config files basic chroots -------------------------------------------------------------------------------- Update Information: https://rpm-software-management.github.io/mock/Release-Notes-Configs-44.3 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Pavel Raiskup <pavel(a)raiskup.cz> 44.3-1 - the fedora-release-eln renamed to fedora-eln-release - Add config for Fedora 44 version of RISC-V port (marcin(a)juszkiewicz.com.pl) - set bootstrap_image_ready=True for AlmaLinux configs (andrew.lukoshko(a)gmail.com) - re-enable bootstrap images for x86_64_v2 AlmaLinux configs (andrew.lukoshko(a)gmail.com) - remove dependency on python3-dnf (msuchy(a)redhat.com) -------------------------------------------------------------------------------- ================================================================================ perl-Config-IniFiles-3.001000-1.el10_2 (FEDORA-EPEL-2026-0e5f31b975) A module for reading .ini-style configuration files -------------------------------------------------------------------------------- Update Information: Update to 3.001000, fixes CVE-2026-11527 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Xavier Bachelot <xavier(a)bachelot.org> - 3.001000-1 - Update to 3.001000 (RHBZ#2487822) - Fixes CVE-2026-11527 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sat Jan 18 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-curl-sys-0.4.89-1.el10_2 (FEDORA-EPEL-2026-2246c3f2c7) Native bindings to the libcurl library -------------------------------------------------------------------------------- Update Information: Update to version 0.4.89. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.4.89-1 - Update to version 0.4.89+curl-8.20.0; Fixes RHBZ#2453027 -------------------------------------------------------------------------------- ================================================================================ rust-semver-1.0.28-1.el10_2 (FEDORA-EPEL-2026-0148b9cc63) Parser and evaluator for Cargo's flavor of Semantic Versioning -------------------------------------------------------------------------------- Update Information: Update to version 1.0.28. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.28-1 - Update to version 1.0.28; Fixes RHBZ#2455028 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.27-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild --------------------------------------------------------------------------------

1 0

Fedora EPEL 10.3 updates-testing report
by updates＠fedoraproject.org 12 Jun '26

12 Jun '26

The following Fedora EPEL 10.3 Security updates need testing: Age URL 50 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-a5d0ca57c2 nuclei-3.8.0-1.el10_3 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-74379a46c0 suricata-8.0.4-1.el10_3 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-d404995bb4 chezmoi-2.70.5-1.el10_3 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-30ff6c2325 composer-2.10.1-1.el10_3 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-c26294a28d apptainer-1.5.1-1.el10_3 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-62728108d7 python-python-multipart-0.0.32-1.el10_3 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-1ee658d973 openslide-4.0.0-8.el10_3 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-988ec151d8 nextcloud-33.0.5-1.el10_3 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-50135c9a61 bird-3.3.1-1.el10_3 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-64e6156b8f perl-GD-2.86-1.el10_3 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-15e8597d17 singularity-ce-4.4.2-1.el10_3 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-9a0e292bed restic-0.19.0-1.el10_3 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-8e20be111c ocserv-1.5.0-2.el10_3 The following builds have been pushed to Fedora EPEL 10.3 updates-testing chromium-149.0.7827.102-1.el10_3 coturn-4.12.0-2.el10_3 gh-2.94.0-1.el10_3 glab-1.102.0-1.el10_3 lesspipe-2.27-1.el10_3 mock-core-configs-44.3-1.el10_3 perl-Config-IniFiles-3.001000-1.el10_3 rust-axum-0.8.9-1.el10_3 rust-axum-macros-0.5.1-1.el10_3 rust-curl-sys-0.4.89-1.el10_3 rust-opener-0.8.5-1.el10_3 rust-semver-1.0.28-1.el10_3 rust-tokio-tungstenite-0.29.0-1.el10_3 rust-tungstenite-0.29.0-1.el10_3 ytree-2.13-1.el10_3 Details about builds: ================================================================================ chromium-149.0.7827.102-1.el10_3 (FEDORA-EPEL-2026-af0dc4e356) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: Update to 149.0.7827.102 CVE-2026-11628: Use after free in Ozone CVE-2026-11629: Use after free in Ozone CVE-2026-11630: Use after free in File Input CVE-2026-11631: Use after free in Aura CVE-2026-11632: Use after free in TabStrip CVE-2026-11633: Use after free in Bluetooth CVE-2026-11634: Use after free in Gamepad CVE-2026-11635: Use after free in Bluetooth CVE-2026-11636: Use after free in Autofill CVE-2026-11637: Use after free in Views CVE-2026-11638: Use after free in Printing CVE-2026-11639: Use after free in Compositing CVE-2026-11640: Integer overflow in libyuv CVE-2026-11641: Use after free in Bluetooth CVE-2026-11642: Use after free in Web Apps CVE-2026-11643: Use after free in Proxy CVE-2026-11644: Use after free in Views CVE-2026-11645: Out of bounds memory access in V8 CVE-2026-11646: Use after free in ViewTransitions CVE-2026-11647: Use after free in Printing CVE-2026-11648: Use after free in FullScreen CVE-2026-11649: Use after free in V8 CVE-2026-11650: Use after free in V8 CVE-2026-11651: Use after free in Network CVE-2026-11652: Use after free in Extensions CVE-2026-11653: Insufficient validation of untrusted input in Extensions CVE-2026-11654: Use after free in CameraCapture CVE-2026-11655: Integer overflow in Media CVE-2026-11656: Use after free in ServiceWorker CVE-2026-11657: Use after free in Payments CVE-2026-11658: Insufficient validation of untrusted input in Extensions CVE-2026-11659: Insufficient validation of untrusted input in UI CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page CVE-2026-11661: Use after free in Views CVE-2026-11662: Type Confusion in Bindings CVE-2026-11663: Use after free in Skia CVE-2026-11664: Use after free in Payments CVE-2026-11665: Out of bounds read in Dawn CVE-2026-11666: Insufficient validation of untrusted input in Input CVE-2026-11667: Out of bounds read in WebRTC CVE-2026-11668: Uninitialized Use in Codecs CVE-2026-11669: Integer overflow in Media CVE-2026-11670: Use after free in PDF CVE-2026-11671: Use after free in Navigation CVE-2026-11672: Out of bounds write in GPU CVE-2026-11673: Use after free in InterestGroups CVE-2026-11674: Use after free in Guest View CVE-2026-11675: Insufficient validation of untrusted input in Skia CVE-2026-11676: Insufficient validation of untrusted input in Dawn CVE-2026-11677: Race in Network CVE-2026-11678: Integer overflow in libyuv CVE-2026-11679: Use after free in Codecs CVE-2026-11680: Use after free in Media CVE-2026-11681: Use after free in Ozone CVE-2026-11682: Insufficient validation of untrusted input in Views CVE-2026-11683: Use after free in WebCodecs CVE-2026-11684: Insufficient policy enforcement in Network CVE-2026-11685: Insufficient data validation in MediaCapture CVE-2026-11686: Insufficient validation of untrusted input in Dawn CVE-2026-11687: Use after free in Dawn CVE-2026-11688: Object lifecycle issue in SVG CVE-2026-11689: Insufficient validation of untrusted input in Passwords CVE-2026-11690: Out of bounds read and write in Media CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page CVE-2026-11692: Use after free in Read Anything CVE-2026-11693: Inappropriate implementation in Plugins CVE-2026-11694: Use after free in ServiceWorker CVE-2026-11695: Inappropriate implementation in Passwords CVE-2026-11696: Uninitialized Use in Video CVE-2026-11697: Insufficient validation of untrusted input in UI CVE-2026-11698: Use after free in Bluetooth CVE-2026-11699: Use after free in Bluetooth CVE-2026-11700: Use after free in Tracing CVE-2026-11701: Insufficient validation of untrusted input in Guest View -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Than Ngo <than(a)redhat.com> - 149.0.7827.102-1 - Update to 149.0.7827.102 * CVE-2026-11628: Use after free in Ozone * CVE-2026-11629: Use after free in Ozone * CVE-2026-11630: Use after free in File Input * CVE-2026-11631: Use after free in Aura * CVE-2026-11632: Use after free in TabStrip * CVE-2026-11633: Use after free in Bluetooth * CVE-2026-11634: Use after free in Gamepad * CVE-2026-11635: Use after free in Bluetooth * CVE-2026-11636: Use after free in Autofill * CVE-2026-11637: Use after free in Views * CVE-2026-11638: Use after free in Printing * CVE-2026-11639: Use after free in Compositing * CVE-2026-11640: Integer overflow in libyuv * CVE-2026-11641: Use after free in Bluetooth * CVE-2026-11642: Use after free in Web Apps * CVE-2026-11643: Use after free in Proxy * CVE-2026-11644: Use after free in Views * CVE-2026-11645: Out of bounds memory access in V8 * CVE-2026-11646: Use after free in ViewTransitions * CVE-2026-11647: Use after free in Printing * CVE-2026-11648: Use after free in FullScreen * CVE-2026-11649: Use after free in V8 * CVE-2026-11650: Use after free in V8 * CVE-2026-11651: Use after free in Network * CVE-2026-11652: Use after free in Extensions * CVE-2026-11653: Insufficient validation of untrusted input in Extensions * CVE-2026-11654: Use after free in CameraCapture * CVE-2026-11655: Integer overflow in Media * CVE-2026-11656: Use after free in ServiceWorker * CVE-2026-11657: Use after free in Payments * CVE-2026-11658: Insufficient validation of untrusted input in Extensions * CVE-2026-11659: Insufficient validation of untrusted input in UI * CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page * CVE-2026-11661: Use after free in Views * CVE-2026-11662: Type Confusion in Bindings * CVE-2026-11663: Use after free in Skia * CVE-2026-11664: Use after free in Payments * CVE-2026-11665: Out of bounds read in Dawn * CVE-2026-11666: Insufficient validation of untrusted input in Input * CVE-2026-11667: Out of bounds read in WebRTC * CVE-2026-11668: Uninitialized Use in Codecs * CVE-2026-11669: Integer overflow in Media * CVE-2026-11670: Use after free in PDF * CVE-2026-11671: Use after free in Navigation * CVE-2026-11672: Out of bounds write in GPU * CVE-2026-11673: Use after free in InterestGroups * CVE-2026-11674: Use after free in Guest View * CVE-2026-11675: Insufficient validation of untrusted input in Skia * CVE-2026-11676: Insufficient validation of untrusted input in Dawn * CVE-2026-11677: Race in Network * CVE-2026-11678: Integer overflow in libyuv * CVE-2026-11679: Use after free in Codecs * CVE-2026-11680: Use after free in Media * CVE-2026-11681: Use after free in Ozone * CVE-2026-11682: Insufficient validation of untrusted input in Views * CVE-2026-11683: Use after free in WebCodecs * CVE-2026-11684: Insufficient policy enforcement in Network * CVE-2026-11685: Insufficient data validation in MediaCapture * CVE-2026-11686: Insufficient validation of untrusted input in Dawn * CVE-2026-11687: Use after free in Dawn * CVE-2026-11688: Object lifecycle issue in SVG * CVE-2026-11689: Insufficient validation of untrusted input in Passwords * CVE-2026-11690: Out of bounds read and write in Media * CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page * CVE-2026-11692: Use after free in Read Anything * CVE-2026-11693: Inappropriate implementation in Plugins * CVE-2026-11694: Use after free in ServiceWorker * CVE-2026-11695: Inappropriate implementation in Passwords * CVE-2026-11696: Uninitialized Use in Video * CVE-2026-11697: Insufficient validation of untrusted input in UI * CVE-2026-11698: Use after free in Bluetooth * CVE-2026-11699: Use after free in Bluetooth * CVE-2026-11700: Use after free in Tracing * CVE-2026-11701: Insufficient validation of untrusted input in Guest View - Refresh ppc64le patches -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486043 - CVE-2026-10881 CVE-2026-10882 CVE-2026-10883 CVE-2026-10884 CVE-2026-10885 CVE-2026-10886 CVE-2026-10887 CVE-2026-10888 CVE-2026-10889 CVE-2026-10890 CVE-2026-10891 CVE-2026-10892 CVE-2026-10893 CVE-2026-10894 ... chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486043 [ 2 ] Bug #2487619 - CVE-2026-11628 CVE-2026-11629 CVE-2026-11630 CVE-2026-11631 CVE-2026-11632 CVE-2026-11633 CVE-2026-11634 CVE-2026-11635 CVE-2026-11636 CVE-2026-11637 CVE-2026-11638 CVE-2026-11639 CVE-2026-11640 CVE-2026-11641 ... chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487619 -------------------------------------------------------------------------------- ================================================================================ coturn-4.12.0-2.el10_3 (FEDORA-EPEL-2026-fa689762d7) TURN/STUN & ICE Server -------------------------------------------------------------------------------- Update Information: Ensure that systemctl reload coturn also reloads TLS certificate -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Robert Scheck <robert(a)fedoraproject.org> - 4.12.0-2 - Ensure that 'systemctl reload coturn' also reloads TLS certificate -------------------------------------------------------------------------------- ================================================================================ gh-2.94.0-1.el10_3 (FEDORA-EPEL-2026-d82cb6262c) GitHub's official command line tool -------------------------------------------------------------------------------- Update Information: Update to 2.94.0 Update to 2.93.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Packit <hello(a)packit.dev> - 2.94.0-1 - Update to 2.94.0 upstream release - Resolves: rhbz#2487830 * Thu May 28 2026 Maxwell G <maxwell(a)gtmx.me> - 2.93.0-1 - Update to 2.93.0. Fixes rhbz#2482337. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2483740 - CVE-2026-45803 gh: GitHub CLI: Arbitrary command execution via terminal escape sequence injection in workflow logs [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2483740 [ 2 ] Bug #2486202 - CVE-2026-45287 gh: OpenTelemetry-Go: Denial of Service due to file descriptor leak [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486202 -------------------------------------------------------------------------------- ================================================================================ glab-1.102.0-1.el10_3 (FEDORA-EPEL-2026-876523b2be) A GitLab CLI tool bringing GitLab to your command line -------------------------------------------------------------------------------- Update Information: Update to 1.102.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 5 2026 Packit <hello(a)packit.dev> - 1.102.0-1 - Update to 1.102.0 upstream release - Resolves: rhbz#2476559 * Fri May 8 2026 Packit <hello(a)packit.dev> - 1.95.0-1 - Update to 1.95.0 upstream release - Resolves: rhbz#2467246 -------------------------------------------------------------------------------- ================================================================================ lesspipe-2.27-1.el10_3 (FEDORA-EPEL-2026-109767d5c6) Input filter for less to better display files -------------------------------------------------------------------------------- Update Information: version 2.27 version 2.26 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Andreas Haupt <andreas.haupt(a)desy.de> - 2.27-1 - version 2.27 * Sun Jun 7 2026 Andreas Haupt <andreas.haupt(a)desy.de> - 2.26-1 - version 2.26 * Fri May 15 2026 Andreas Haupt <andreas.haupt(a)desy.de> - 2.25-2 - sources for 2.25 * Tue May 12 2026 Andreas Haupt <andreas.haupt(a)desy.de> - 2.25-1 - version 2.25 * Tue May 12 2026 Andreas Haupt <andreas.haupt(a)desy.de> - 2.24-4 - finish lesspipe-vimcolor obsoleteness -------------------------------------------------------------------------------- ================================================================================ mock-core-configs-44.3-1.el10_3 (FEDORA-EPEL-2026-e08823de40) Mock core config files basic chroots -------------------------------------------------------------------------------- Update Information: https://rpm-software-management.github.io/mock/Release-Notes-Configs-44.3 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Pavel Raiskup <pavel(a)raiskup.cz> 44.3-1 - the fedora-release-eln renamed to fedora-eln-release - Add config for Fedora 44 version of RISC-V port (marcin(a)juszkiewicz.com.pl) - set bootstrap_image_ready=True for AlmaLinux configs (andrew.lukoshko(a)gmail.com) - re-enable bootstrap images for x86_64_v2 AlmaLinux configs (andrew.lukoshko(a)gmail.com) - remove dependency on python3-dnf (msuchy(a)redhat.com) -------------------------------------------------------------------------------- ================================================================================ perl-Config-IniFiles-3.001000-1.el10_3 (FEDORA-EPEL-2026-bf53806e4a) A module for reading .ini-style configuration files -------------------------------------------------------------------------------- Update Information: Update to 3.001000, fixes CVE-2026-11527 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Xavier Bachelot <xavier(a)bachelot.org> - 3.001000-1 - Update to 3.001000 (RHBZ#2487822) - Fixes CVE-2026-11527 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sat Jan 18 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.000003-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-axum-0.8.9-1.el10_3 (FEDORA-EPEL-2026-cf5c606c20) HTTP routing and request handling library -------------------------------------------------------------------------------- Update Information: Update the axum crate to version 0.8.9. Update the axum-macros crate to version 0.5.1. Update the tokio-tungstenite crate to version 0.29.0. Update the tungstenite crate to version 0.29.0. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.8.9-1 - Update to version 0.8.9; Fixes RHBZ#2458161 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-axum-macros-0.5.1-1.el10_3 (FEDORA-EPEL-2026-cf5c606c20) Macros for axum -------------------------------------------------------------------------------- Update Information: Update the axum crate to version 0.8.9. Update the axum-macros crate to version 0.5.1. Update the tokio-tungstenite crate to version 0.29.0. Update the tungstenite crate to version 0.29.0. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.5.1-1 - Update to version 0.5.1; Fixes RHBZ#2458160 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-curl-sys-0.4.89-1.el10_3 (FEDORA-EPEL-2026-7d48835984) Native bindings to the libcurl library -------------------------------------------------------------------------------- Update Information: Update to version 0.4.89. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.4.89-1 - Update to version 0.4.89+curl-8.20.0; Fixes RHBZ#2453027 -------------------------------------------------------------------------------- ================================================================================ rust-opener-0.8.5-1.el10_3 (FEDORA-EPEL-2026-c0814025d4) Open a file or link using the system default program -------------------------------------------------------------------------------- Update Information: Update to version 0.8.5. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.8.5-1 - Update to version 0.8.5; Fixes RHBZ#2487842 -------------------------------------------------------------------------------- ================================================================================ rust-semver-1.0.28-1.el10_3 (FEDORA-EPEL-2026-a2e0098129) Parser and evaluator for Cargo's flavor of Semantic Versioning -------------------------------------------------------------------------------- Update Information: Update to version 1.0.28. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.28-1 - Update to version 1.0.28; Fixes RHBZ#2455028 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.27-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-tokio-tungstenite-0.29.0-1.el10_3 (FEDORA-EPEL-2026-cf5c606c20) Tokio binding for Tungstenite -------------------------------------------------------------------------------- Update Information: Update the axum crate to version 0.8.9. Update the axum-macros crate to version 0.5.1. Update the tokio-tungstenite crate to version 0.29.0. Update the tungstenite crate to version 0.29.0. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.29.0-1 - Update to version 0.29.0; Fixes RHBZ#2448377 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.28.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-tungstenite-0.29.0-1.el10_3 (FEDORA-EPEL-2026-cf5c606c20) Lightweight stream-based WebSocket implementation -------------------------------------------------------------------------------- Update Information: Update the axum crate to version 0.8.9. Update the axum-macros crate to version 0.5.1. Update the tokio-tungstenite crate to version 0.29.0. Update the tungstenite crate to version 0.29.0. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.29.0-1 - Update to version 0.29.0; Fixes RHBZ#2448378 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.28.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ ytree-2.13-1.el10_3 (FEDORA-EPEL-2026-b7cb84fd60) A file manager similar to XTree -------------------------------------------------------------------------------- Update Information: Automatic update for ytree-2.13-1.el10_3. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2026 Filipe Rosset <filiperosset(a)fedoraproject.org> - 2.13-1 - update to 2.13 * Tue Jun 2 2026 Filipe Rosset <rosset.filipe(a)gmail.com> - 2.12-3 - update gitignore * Sat May 30 2026 Filipe Rosset <rosset.filipe(a)gmail.com> - 2.12-2 - opt-in to packit --------------------------------------------------------------------------------

1 0

Fedora EPEL 8 updates-testing report
by updates＠fedoraproject.org 11 Jun '26

11 Jun '26

The following Fedora EPEL 8 Security updates need testing: Age URL 203 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5b2095e2c2 xpdf-4.06-1.el8 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-6821fe2971 apptainer-1.5.1-1.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-ad8e45665d openslide-3.4.1-20.el8 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-fb9a9ab1e9 ImageMagick-6.9.13.49-1.el8 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-80fc55f890 bird-3.3.1-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing perl-GD-2.86-1.el8 singularity-ce-4.4.2-1.el8 Details about builds: ================================================================================ perl-GD-2.86-1.el8 (FEDORA-EPEL-2026-fe2027915d) Perl interface to the GD graphics library -------------------------------------------------------------------------------- Update Information: This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526). -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Paul Howarth <paul(a)city-fan.org> - 2.86-1 - Update to 2.86 - Fix command injection via 2-arg open() in _make_filehandle (CVE-2026-11526) * Tue Jun 2 2026 Paul Howarth <paul(a)city-fan.org> - 2.85-1 - Update to 2.85 - Tolerate runtime TIFF decode failures in autodetect (GH#62) - Replace cpm with cpanm in github actions - Fixed a minor precedence bug in t/z_manifest.t * Mon Jan 5 2026 Paul Howarth <paul(a)city-fan.org> - 2.84-1 - Update to 2.84 - Added Makefile.PL --with and --without options to bypass autodetection errors or upstream libgd or subsequent library errors (GH#55) - Better support MSWin32 without gdlib.pc (requires manual --options and --lib_gd_path) - Work around broken ExtUtils::PkgConfig->find (GH#61) - Fixed snprintf for newer MSVC (>= VS 2015) - Added GD::Image::supported() image types method - Added newFromTiffData() method - Fixed t/GD.t for unsupported image types - Add GIFANIM to the default since 2.0.33 (GH#56) - Honor PKG_CONFIG_PATH for finding gdlib.pc (GH#57) - Add demos/png2jpeg.pl - Don't disable XPM support if GD config doesn't explicitly require -lX11 - Use %{make_build} and %{make_install} * Tue Jun 25 2024 Paul Howarth <paul(a)city-fan.org> - 2.83-1 - Update to 2.83 - Fix missing PNG regression (CPAN RT#153923) on old systems without the .pc, but gdlib-config (the check was too strict) * Mon May 27 2024 Paul Howarth <paul(a)city-fan.org> - 2.82-1 - Update to 2.82 - Improve HEIF/AVIF autodetection (CPAN RT#153305) - Fix Strawberry Perl default libgd path (GH#54) - Fix AVIF and Webp autodetection in tests (GH#54) * Tue May 7 2024 Paul Howarth <paul(a)city-fan.org> - 2.81-1 - Update to 2.81 - Change GD::Polygon::transform to match old demos (CPAN RT#140043) and GD::Polyline - Add GD::Polygon::rotate(cw-radian) helper - Allow GD::Polygon::scale(2.0) * Fri May 3 2024 Paul Howarth <paul(a)city-fan.org> - 2.80-1 - Update to 2.80 - Fix broken copyTranspose and copyReverseTranspose (CPAN RT#153300) - Add transformation tests - Fix wrong WBMP name and detection - Fix wrong filename extension auto-detection for gd, gd2, wbmp - Fix wrong filename extension auto-detection for xpm; newFromXpm needs the filename, not handle - Fix wrong libgd doc link (GH#52) * Wed May 1 2024 Paul Howarth <paul(a)city-fan.org> - 2.79-1 - Update to 2.79 - Improve image type autodetection (CPAN RT#153212) and add a test - Fix Avif without Heif config - Improve gdlib.pc reader for supported library features * Tue Jul 4 2023 Paul Howarth <paul(a)city-fan.org> - 2.78-1 - Update to 2.78 - Fix Use of uninitialized value $pkg in concatenation warning (CPAN RT#148899, GH#47) - Add a new hard Test::NoWarnings test requirement * Mon May 29 2023 Paul Howarth <paul(a)city-fan.org> - 2.77-1 - Update to 2.77 - Add BMP support with libgd 2.1.0 (GH#49J - Don't link to -lXPM without XPM nor X11 (GH#45) - Rename ANIMGIF feature to GIFANIM - Fix unused variable failure in GH CI (CPAN RT#141125) * Tue Feb 1 2022 Paul Howarth <paul(a)city-fan.org> - 2.76-1 - Update to 2.76 - Fix broken TIFF and AVIF support (GH#43) - Re-enable XBM support (always on) - Provide xbm magic support (a hack, for GD::Graph) * Tue Feb 1 2022 Paul Howarth <paul(a)city-fan.org> - 2.75-2 - Fix copy and paste errors introduced in GD 2.75 (#2048953, CPAN RT#140910, GH#43) * Wed Jan 26 2022 Paul Howarth <paul(a)city-fan.org> - 2.75-1 - Update to 2.75 - Add experimental support for TIFF and RAQM (with freetype) - Improve GD2 tests (GH#42, CPAN RT#140856) - Also list the unsupported image formats in the GD::Image pod - Fix copyRotated pod (it rotates CCW) (GH#36) - Fix GD::Simple->fontMetrics docs and implementation (GH#37) - Fix lineheight calculation according to the docs; you might need to fix your code! - Add image methods tiff, webp, heif, avif, and its documentation - Fix the fix for the poly->transform documentation (CPAN RT#140043) * Sun Jan 23 2022 Paul Howarth <paul(a)city-fan.org> - 2.74-1 - Update to 2.74 - Add experimental support for WEBP, HEIF and AVIF - Document all supported image formats in the GD::Image lib - Added GitHub actions (for PR's) - Fix poly->transform documentation (CPAN RT#140043) - Fix GD, GD2 detection and tests (CPAN RT#139399 - since libgd 2.3.3) - POD: Remove indirect object constructors from example code snippet (GH#39) - Fix incorrect behaviour of GD::Simple->fontMetrics - Fix cross-compilation if gdlib.pc has no cflags * Thu Sep 24 2020 Paul Howarth <paul(a)city-fan.org> - 2.73-1 - Update to 2.73 - Allow Makefile.PL --options to override the libgd options; not recommended (see GH#33 and CPAN RT#130045) * Sat Jul 18 2020 Paul Howarth <paul(a)city-fan.org> - 2.72-1 - Update to 2.72 - Fix for colorMatch with older unpatched libgd versions, which has an exploitable heap overflow (CVE-2019-6977) - Note: libgd in Fedora is already patched for CVE-2019-6977 -------------------------------------------------------------------------------- ================================================================================ singularity-ce-4.4.2-1.el8 (FEDORA-EPEL-2026-57ae132e32) Application and environment virtualization -------------------------------------------------------------------------------- Update Information: Upgrade to 4.4.2 upstream version. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 David Trudgian <dtrudg(a)sylabs.io> - 4.4.2-1 - Upgrade to 4.4.2 upstream version. - Fix rhbz#2452368 - Fix rhbz#2453084 - Fix rhbz#2455643 - Fix rhbz#2458928 - Fix CVE-2026-47215 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2452368 - CVE-2026-32285 singularity-ce: github.com/buger/jsonparser: Denial of Service via malformed JSON input [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452368 [ 2 ] Bug #2453084 - CVE-2026-33748 singularity-ce: BuildKit: Unauthorized file access via Git URL fragment subdir components [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453084 [ 3 ] Bug #2455643 - CVE-2026-34986 singularity-ce: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455643 [ 4 ] Bug #2456377 - CVE-2026-39395 singularity-ce: Cosign: Incorrect attestation verification due to malformed payloads or mismatched predicate types [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456377 [ 5 ] Bug #2458928 - CVE-2026-39984 singularity-ce: improper certificate validation in verifier [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458928 --------------------------------------------------------------------------------

1 0

Fedora EPEL 10.2 updates-testing report
by updates＠fedoraproject.org 11 Jun '26

11 Jun '26

The following Fedora EPEL 10.2 Security updates need testing: Age URL 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-c185cd6f77 nix-2.31.5-3.el10_2 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-aa1072911c chezmoi-2.70.5-1.el10_2 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-15368435dd composer-2.10.1-1.el10_2 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-5afb48ca9e apptainer-1.5.1-1.el10_2 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-b71f1f4e9b python-python-multipart-0.0.32-1.el10_2 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-64c1cc86c1 dnsdist-2.0.6-1.el10_2 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-02d92ea412 nextcloud-33.0.5-1.el10_2 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-3dfbc6a1df bird-3.3.1-1.el10_2 The following builds have been pushed to Fedora EPEL 10.2 updates-testing perl-GD-2.86-1.el10_2 php-zstd-0.16.0-1.el10_2 python-astropy-iers-data-0.2026.6.8.17.49.5-1.el10_2 restic-0.19.0-1.el10_2 rust-clap-4.6.1-1.el10_2 rust-clap_complete-4.6.5-1.el10_2 rust-clap_derive-4.6.1-1.el10_2 singularity-ce-4.4.2-1.el10_2 Details about builds: ================================================================================ perl-GD-2.86-1.el10_2 (FEDORA-EPEL-2026-d41d0279ec) Perl interface to the GD graphics library -------------------------------------------------------------------------------- Update Information: This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526). -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Paul Howarth <paul(a)city-fan.org> - 2.86-1 - Update to 2.86 - Fix command injection via 2-arg open() in _make_filehandle (CVE-2026-11526) * Tue Jun 2 2026 Paul Howarth <paul(a)city-fan.org> - 2.85-1 - Update to 2.85 - Tolerate runtime TIFF decode failures in autodetect (GH#62) - Replace cpm with cpanm in github actions - Fixed a minor precedence bug in t/z_manifest.t * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.84-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Mon Jan 5 2026 Paul Howarth <paul(a)city-fan.org> - 2.84-1 - Update to 2.84 - Added Makefile.PL --with and --without options to bypass autodetection errors or upstream libgd or subsequent library errors (GH#55) - Better support MSWin32 without gdlib.pc (requires manual --options and --lib_gd_path) - Work around broken ExtUtils::PkgConfig->find (GH#61) - Fixed snprintf for newer MSVC (>= VS 2015) - Added GD::Image::supported() image types method - Added newFromTiffData() method - Fixed t/GD.t for unsupported image types - Add GIFANIM to the default since 2.0.33 (GH#56) - Honor PKG_CONFIG_PATH for finding gdlib.pc (GH#57) - Add demos/png2jpeg.pl - Don't disable XPM support if GD config doesn't explicitly require -lX11 - Use %{make_build} and %{make_install} * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.83-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Mon Jul 7 2025 Jitka Plesnikova <jplesnik(a)redhat.com> - 2.83-4 - Perl 5.42 rebuild * Sat Jan 18 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.83-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Fri Jul 19 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.83-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ php-zstd-0.16.0-1.el10_2 (FEDORA-EPEL-2026-c42287038f) Zstandard extension -------------------------------------------------------------------------------- Update Information: Version 0.16.0 add: configurable compression level for APCu serializer (zstd.apcu_compression_level) fix: undefined behavior in zstd_uncompress_add by switching to smart_str API -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Remi Collet <remi(a)remirepo.net> - 0.16.0-1 - update to 0.16.0 -------------------------------------------------------------------------------- ================================================================================ python-astropy-iers-data-0.2026.6.8.17.49.5-1.el10_2 (FEDORA-EPEL-2026-28e363378b) IERS Earth Rotation and Leap Second tables for the astropy core package -------------------------------------------------------------------------------- Update Information: Automatic update for python-astropy-iers-data-0.2026.6.8.17.49.5-1.el10_2. Changelog for python-astropy-iers-data * Mon Jun 08 2026 Packit <hello(a)packit.dev> - 0.2026.6.8.17.49.5-1 - Update to 0.2026.6.8.17.49.5 upstream release - Resolves: rhbz#2483795 -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 8 2026 Packit <hello(a)packit.dev> - 0.2026.6.8.17.49.5-1 - Update to 0.2026.6.8.17.49.5 upstream release - Resolves: rhbz#2483795 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2483795 - python-astropy-iers-data-0.2026.6.8.17.49.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2483795 -------------------------------------------------------------------------------- ================================================================================ restic-0.19.0-1.el10_2 (FEDORA-EPEL-2026-445878b522) Fast, secure, efficient backup program -------------------------------------------------------------------------------- Update Information: Update to 0.19.0 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 0.19.0-1 - Update to 0.19.0 - Closes rhbz#2487290 * Tue Feb 3 2026 Maxwell G <maxwell(a)gtmx.me> - 0.18.1-3 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.18.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2455642 - CVE-2026-34986 restic: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455642 [ 2 ] Bug #2464131 - CVE-2026-41179 restic: Rclone: Unauthenticated local command execution via exposed RC endpoint [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2464131 [ 3 ] Bug #2464139 - CVE-2026-41176 restic: Rclone: Unauthorized access to administrative functions through unauthenticated Remote Control endpoint. [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2464139 [ 4 ] Bug #2486206 - CVE-2026-45287 restic: OpenTelemetry-Go: Denial of Service due to file descriptor leak [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486206 -------------------------------------------------------------------------------- ================================================================================ rust-clap-4.6.1-1.el10_2 (FEDORA-EPEL-2026-340cab9230) Simple to use, efficient, and full-featured Command Line Argument Parser -------------------------------------------------------------------------------- Update Information: Update the clap and clap_derive crates to version 4.6.1. Update the clap_complete crate to version 4.6.5. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 4.6.1-1 - Update to version 4.6.1; Fixes RHBZ#2458762 -------------------------------------------------------------------------------- ================================================================================ rust-clap_complete-4.6.5-1.el10_2 (FEDORA-EPEL-2026-340cab9230) Generate shell completion scripts for your clap::Command -------------------------------------------------------------------------------- Update Information: Update the clap and clap_derive crates to version 4.6.1. Update the clap_complete crate to version 4.6.5. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 4.6.5-1 - Update to version 4.6.5; Fixes RHBZ#2457489 -------------------------------------------------------------------------------- ================================================================================ rust-clap_derive-4.6.1-1.el10_2 (FEDORA-EPEL-2026-340cab9230) Parse command line argument by defining a struct, derive crate -------------------------------------------------------------------------------- Update Information: Update the clap and clap_derive crates to version 4.6.1. Update the clap_complete crate to version 4.6.5. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 4.6.1-1 - Update to version 4.6.1; Fixes RHBZ#2458763 -------------------------------------------------------------------------------- ================================================================================ singularity-ce-4.4.2-1.el10_2 (FEDORA-EPEL-2026-82e8b5fef4) Application and environment virtualization -------------------------------------------------------------------------------- Update Information: Upgrade to 4.4.2 upstream version. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 David Trudgian <dtrudg(a)sylabs.io> - 4.4.2-1 - Upgrade to 4.4.2 upstream version. - Fix rhbz#2452368 - Fix rhbz#2453084 - Fix rhbz#2455643 - Fix rhbz#2458928 - Fix CVE-2026-47215 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2452368 - CVE-2026-32285 singularity-ce: github.com/buger/jsonparser: Denial of Service via malformed JSON input [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452368 [ 2 ] Bug #2453084 - CVE-2026-33748 singularity-ce: BuildKit: Unauthorized file access via Git URL fragment subdir components [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453084 [ 3 ] Bug #2455643 - CVE-2026-34986 singularity-ce: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455643 [ 4 ] Bug #2456377 - CVE-2026-39395 singularity-ce: Cosign: Incorrect attestation verification due to malformed payloads or mismatched predicate types [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456377 [ 5 ] Bug #2458928 - CVE-2026-39984 singularity-ce: improper certificate validation in verifier [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458928 --------------------------------------------------------------------------------

1 0

Fedora EPEL 10.3 updates-testing report
by updates＠fedoraproject.org 11 Jun '26

11 Jun '26

The following Fedora EPEL 10.3 Security updates need testing: Age URL 49 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-a5d0ca57c2 nuclei-3.8.0-1.el10_3 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-6c66671917 php8.4-extras-8.4.21-1.el10_3 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-b08259fec1 php-extras-8.3.31-1.el10_3 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-f88f773927 vaultwarden-web-2026.4.1-1.el10_3 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-d5e54be3b9 vaultwarden-1.36.0-1.el10_3 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-74379a46c0 suricata-8.0.4-1.el10_3 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-d404995bb4 chezmoi-2.70.5-1.el10_3 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-30ff6c2325 composer-2.10.1-1.el10_3 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-c26294a28d apptainer-1.5.1-1.el10_3 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-62728108d7 python-python-multipart-0.0.32-1.el10_3 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-1ee658d973 openslide-4.0.0-8.el10_3 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-988ec151d8 nextcloud-33.0.5-1.el10_3 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-50135c9a61 bird-3.3.1-1.el10_3 The following builds have been pushed to Fedora EPEL 10.3 updates-testing ocserv-1.5.0-2.el10_3 perl-GD-2.86-1.el10_3 php-zstd-0.16.0-1.el10_3 python-astropy-iers-data-0.2026.6.8.17.49.5-1.el10_3 radcli-1.5.2-3.el10_3 ranger-1.9.4-8.el10_3 restic-0.19.0-1.el10_3 rust-clap-4.6.1-1.el10_3 rust-clap_complete-4.6.5-1.el10_3 rust-clap_derive-4.6.1-1.el10_3 singularity-ce-4.4.2-1.el10_3 xournalpp-1.3.5-1.el10_3 Details about builds: ================================================================================ ocserv-1.5.0-2.el10_3 (FEDORA-EPEL-2026-8e20be111c) OpenConnect SSL VPN server -------------------------------------------------------------------------------- Update Information: fix pam-guard-page test -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Nikos Mavrogiannopoulos <n.mavrogiannopoulos(a)gmail.com> - 1.5.0-2 - fix pam-guard-page test * Sun Jun 7 2026 Packit <hello(a)packit.dev> - 1.5.0-1 - Update to 1.5.0 upstream release - Resolves: rhbz#2459071 -------------------------------------------------------------------------------- ================================================================================ perl-GD-2.86-1.el10_3 (FEDORA-EPEL-2026-64e6156b8f) Perl interface to the GD graphics library -------------------------------------------------------------------------------- Update Information: This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526). -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Paul Howarth <paul(a)city-fan.org> - 2.86-1 - Update to 2.86 - Fix command injection via 2-arg open() in _make_filehandle (CVE-2026-11526) * Tue Jun 2 2026 Paul Howarth <paul(a)city-fan.org> - 2.85-1 - Update to 2.85 - Tolerate runtime TIFF decode failures in autodetect (GH#62) - Replace cpm with cpanm in github actions - Fixed a minor precedence bug in t/z_manifest.t * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.84-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Mon Jan 5 2026 Paul Howarth <paul(a)city-fan.org> - 2.84-1 - Update to 2.84 - Added Makefile.PL --with and --without options to bypass autodetection errors or upstream libgd or subsequent library errors (GH#55) - Better support MSWin32 without gdlib.pc (requires manual --options and --lib_gd_path) - Work around broken ExtUtils::PkgConfig->find (GH#61) - Fixed snprintf for newer MSVC (>= VS 2015) - Added GD::Image::supported() image types method - Added newFromTiffData() method - Fixed t/GD.t for unsupported image types - Add GIFANIM to the default since 2.0.33 (GH#56) - Honor PKG_CONFIG_PATH for finding gdlib.pc (GH#57) - Add demos/png2jpeg.pl - Don't disable XPM support if GD config doesn't explicitly require -lX11 - Use %{make_build} and %{make_install} * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.83-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Mon Jul 7 2025 Jitka Plesnikova <jplesnik(a)redhat.com> - 2.83-4 - Perl 5.42 rebuild * Sat Jan 18 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.83-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Fri Jul 19 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.83-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ php-zstd-0.16.0-1.el10_3 (FEDORA-EPEL-2026-84d8796da7) Zstandard extension -------------------------------------------------------------------------------- Update Information: Version 0.16.0 add: configurable compression level for APCu serializer (zstd.apcu_compression_level) fix: undefined behavior in zstd_uncompress_add by switching to smart_str API -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 5 2026 Remi Collet <remi(a)remirepo.net> - 0.16.0-1 - update to 0.16.0 - drop pear/pecl dependency - sources from github -------------------------------------------------------------------------------- ================================================================================ python-astropy-iers-data-0.2026.6.8.17.49.5-1.el10_3 (FEDORA-EPEL-2026-e38b74cc45) IERS Earth Rotation and Leap Second tables for the astropy core package -------------------------------------------------------------------------------- Update Information: Automatic update for python-astropy-iers-data-0.2026.6.8.17.49.5-1.el10_3. Changelog for python-astropy-iers-data * Mon Jun 08 2026 Packit <hello(a)packit.dev> - 0.2026.6.8.17.49.5-1 - Update to 0.2026.6.8.17.49.5 upstream release - Resolves: rhbz#2483795 -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 8 2026 Packit <hello(a)packit.dev> - 0.2026.6.8.17.49.5-1 - Update to 0.2026.6.8.17.49.5 upstream release - Resolves: rhbz#2483795 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2483795 - python-astropy-iers-data-0.2026.6.8.17.49.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2483795 -------------------------------------------------------------------------------- ================================================================================ radcli-1.5.2-3.el10_3 (FEDORA-EPEL-2026-321d05cead) RADIUS protocol client library -------------------------------------------------------------------------------- Update Information: radcli.spec: removed unnecessary dictionary files -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Nikos Mavrogiannopoulos <n.mavrogiannopoulos(a)gmail.com> - 1.5.2-3 - radcli.spec: removed unnecessary dictionary files * Wed Jun 10 2026 Nikos Mavrogiannopoulos <n.mavrogiannopoulos(a)gmail.com> - 1.5.2-2 - build with static lib to allow tests * Sun Jun 7 2026 Packit <hello(a)packit.dev> - 1.5.2-1 - Update to 1.5.2 upstream release * Fri May 1 2026 Packit <hello(a)packit.dev> - 1.5.1-1 - Update to 1.5.1 upstream release -------------------------------------------------------------------------------- ================================================================================ ranger-1.9.4-8.el10_3 (FEDORA-EPEL-2026-366b4e4f04) A vim-like file manager -------------------------------------------------------------------------------- Update Information: Provide ranger for epel10 -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 19 2025 Python Maint <python-maint(a)redhat.com> - 1.9.4-8 - Rebuilt for Python 3.14.0rc3 bytecode * Fri Aug 15 2025 Python Maint <python-maint(a)redhat.com> - 1.9.4-7 - Rebuilt for Python 3.14.0rc2 bytecode * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9.4-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Wed Jul 9 2025 Ben Boeckel <fedora(a)me.benboeckel.net> - 1.9.4-5 - Modernize RPM Macros (rhbz#2378430) * Mon Jun 2 2025 Python Maint <python-maint(a)redhat.com> - 1.9.4-4 - Rebuilt for Python 3.14 * Sat Jan 18 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Sun Nov 10 2024 Ben Boeckel <fedora(a)me.benboeckel.net> - 1.9.4-2 - Add "-only" suffix to License * Thu Nov 7 2024 Ben Boeckel <fedora(a)me.benboeckel.net> - 1.9.4-1 - Update to 1.9.4 (rhbz#2324228) - Support Python 3.13 (rhbz#2315724) - Update license to GPL-3.0 (no "or later" present in comment headers) * Thu Jul 25 2024 Miroslav Suchý <msuchy(a)redhat.com> - 1.9.3-17 - convert license to SPDX * Fri Jul 19 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9.3-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Fri Jun 7 2024 Python Maint <python-maint(a)redhat.com> - 1.9.3-15 - Rebuilt for Python 3.13 * Fri Jan 26 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9.3-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Mon Jan 22 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9.3-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2446539 - Please branch and build ranger in epel10/epel10.1 https://bugzilla.redhat.com/show_bug.cgi?id=2446539 -------------------------------------------------------------------------------- ================================================================================ restic-0.19.0-1.el10_3 (FEDORA-EPEL-2026-9a0e292bed) Fast, secure, efficient backup program -------------------------------------------------------------------------------- Update Information: Update to 0.19.0 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 0.19.0-1 - Update to 0.19.0 - Closes rhbz#2487290 * Tue Feb 3 2026 Maxwell G <maxwell(a)gtmx.me> - 0.18.1-3 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.18.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2455642 - CVE-2026-34986 restic: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455642 [ 2 ] Bug #2464131 - CVE-2026-41179 restic: Rclone: Unauthenticated local command execution via exposed RC endpoint [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2464131 [ 3 ] Bug #2464139 - CVE-2026-41176 restic: Rclone: Unauthorized access to administrative functions through unauthenticated Remote Control endpoint. [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2464139 [ 4 ] Bug #2486206 - CVE-2026-45287 restic: OpenTelemetry-Go: Denial of Service due to file descriptor leak [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486206 -------------------------------------------------------------------------------- ================================================================================ rust-clap-4.6.1-1.el10_3 (FEDORA-EPEL-2026-6162712b3a) Simple to use, efficient, and full-featured Command Line Argument Parser -------------------------------------------------------------------------------- Update Information: Update the clap and clap_derive crates to version 4.6.1. Update the clap_complete crate to version 4.6.5. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 4.6.1-1 - Update to version 4.6.1; Fixes RHBZ#2458762 -------------------------------------------------------------------------------- ================================================================================ rust-clap_complete-4.6.5-1.el10_3 (FEDORA-EPEL-2026-6162712b3a) Generate shell completion scripts for your clap::Command -------------------------------------------------------------------------------- Update Information: Update the clap and clap_derive crates to version 4.6.1. Update the clap_complete crate to version 4.6.5. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 4.6.5-1 - Update to version 4.6.5; Fixes RHBZ#2457489 -------------------------------------------------------------------------------- ================================================================================ rust-clap_derive-4.6.1-1.el10_3 (FEDORA-EPEL-2026-6162712b3a) Parse command line argument by defining a struct, derive crate -------------------------------------------------------------------------------- Update Information: Update the clap and clap_derive crates to version 4.6.1. Update the clap_complete crate to version 4.6.5. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 4.6.1-1 - Update to version 4.6.1; Fixes RHBZ#2458763 -------------------------------------------------------------------------------- ================================================================================ singularity-ce-4.4.2-1.el10_3 (FEDORA-EPEL-2026-15e8597d17) Application and environment virtualization -------------------------------------------------------------------------------- Update Information: Upgrade to 4.4.2 upstream version. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 David Trudgian <dtrudg(a)sylabs.io> - 4.4.2-1 - Upgrade to 4.4.2 upstream version. - Fix rhbz#2452368 - Fix rhbz#2453084 - Fix rhbz#2455643 - Fix rhbz#2458928 - Fix CVE-2026-47215 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2452368 - CVE-2026-32285 singularity-ce: github.com/buger/jsonparser: Denial of Service via malformed JSON input [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452368 [ 2 ] Bug #2453084 - CVE-2026-33748 singularity-ce: BuildKit: Unauthorized file access via Git URL fragment subdir components [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453084 [ 3 ] Bug #2455643 - CVE-2026-34986 singularity-ce: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455643 [ 4 ] Bug #2456377 - CVE-2026-39395 singularity-ce: Cosign: Incorrect attestation verification due to malformed payloads or mismatched predicate types [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456377 [ 5 ] Bug #2458928 - CVE-2026-39984 singularity-ce: improper certificate validation in verifier [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458928 -------------------------------------------------------------------------------- ================================================================================ xournalpp-1.3.5-1.el10_3 (FEDORA-EPEL-2026-7d4fd8e135) Handwriting note-taking software with PDF annotation support -------------------------------------------------------------------------------- Update Information: What's new in version 1.3.5 Fixed crash when exiting after playing sound Fixed some button-to-tools configuration issues Fixed crash involving page background selection Added multidevice support for X11 palm rejection Reduced PDF cache retention for off-screen pages Fixed moving display when selecting "Fit to Screen" Fixed disabled "Merge layer" menu entry Fixed a concurrency crash when using layers Fixed typos in some displayed strings Fixed "Missing background" display when missing PDF page Added Georgian translations Updated translations See the change log for a more detailled list of changes. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Luya Tshimbalanga <luya(a)fedoraproject.org> - 1.3.5-1 - Update to 1.3.5 (#2486189) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486189 - xournalpp-1.3.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2486189 --------------------------------------------------------------------------------

1 0

Fedora EPEL 9 updates-testing report
by updates＠fedoraproject.org 11 Jun '26

11 Jun '26

The following Fedora EPEL 9 Security updates need testing: Age URL 203 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9a55de96db xpdf-4.06-1.el9 49 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-e794b68cc6 nuclei-3.8.0-1.el9 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-b1204dff3a php-extras-8.0.30-3.el9 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-b41e450a81 vaultwarden-web-2026.4.1-1.el9 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-759c8b25a3 vaultwarden-1.36.0-1.el9 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-b18955a7ae chezmoi-2.70.5-1.el9 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-5497484804 composer-2.10.1-1.el9 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-78c9d246b0 apptainer-1.5.1-1.el9 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-4d0b588a17 python-django4.2-4.2.30-2.el9 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-ec3d774387 openslide-3.4.1-20.el9 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-204e38b37f python-ujson-5.8.0-5.el9 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-2d971fc3b0 ImageMagick-6.9.13.49-1.el9 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-af4408a35e bird-3.3.1-1.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing perl-GD-2.86-1.el9 php-pecl-mongodb-1.20.1-2.el9 php-zstd-0.16.0-1.el9 restic-0.19.0-1.el9 rust-clap-4.6.1-1.el9 rust-clap_complete-4.6.5-1.el9 rust-clap_derive-4.6.1-1.el9 rust-warp-0.3.7-7.el9 singularity-ce-4.4.2-1.el9 xournalpp-1.3.5-1.el9 Details about builds: ================================================================================ perl-GD-2.86-1.el9 (FEDORA-EPEL-2026-dc3d293a5d) Perl interface to the GD graphics library -------------------------------------------------------------------------------- Update Information: This update fixes a command injection issue resulting from the use of the 2-argument form of open (CVE-2026-11526). -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Paul Howarth <paul(a)city-fan.org> - 2.86-1 - Update to 2.86 - Fix command injection via 2-arg open() in _make_filehandle (CVE-2026-11526) * Tue Jun 2 2026 Paul Howarth <paul(a)city-fan.org> - 2.85-1 - Update to 2.85 - Tolerate runtime TIFF decode failures in autodetect (GH#62) - Replace cpm with cpanm in github actions - Fixed a minor precedence bug in t/z_manifest.t * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.84-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Mon Jan 5 2026 Paul Howarth <paul(a)city-fan.org> - 2.84-1 - Update to 2.84 - Added Makefile.PL --with and --without options to bypass autodetection errors or upstream libgd or subsequent library errors (GH#55) - Better support MSWin32 without gdlib.pc (requires manual --options and --lib_gd_path) - Work around broken ExtUtils::PkgConfig->find (GH#61) - Fixed snprintf for newer MSVC (>= VS 2015) - Added GD::Image::supported() image types method - Added newFromTiffData() method - Fixed t/GD.t for unsupported image types - Add GIFANIM to the default since 2.0.33 (GH#56) - Honor PKG_CONFIG_PATH for finding gdlib.pc (GH#57) - Add demos/png2jpeg.pl - Don't disable XPM support if GD config doesn't explicitly require -lX11 - Use %{make_build} and %{make_install} * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.83-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Mon Jul 7 2025 Jitka Plesnikova <jplesnik(a)redhat.com> - 2.83-4 - Perl 5.42 rebuild * Sat Jan 18 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.83-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Fri Jul 19 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.83-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Tue Jun 25 2024 Paul Howarth <paul(a)city-fan.org> - 2.83-1 - Update to 2.83 - Fix missing PNG regression (CPAN RT#153923) on old systems without the .pc, but gdlib-config (the check was too strict) * Mon Jun 10 2024 Jitka Plesnikova <jplesnik(a)redhat.com> - 2.82-2 - Perl 5.40 rebuild -------------------------------------------------------------------------------- ================================================================================ php-pecl-mongodb-1.20.1-2.el9 (FEDORA-EPEL-2026-8112fc6e20) MongoDB driver for PHP -------------------------------------------------------------------------------- Update Information: PHPC-2636: Respect libbson nesting limit when parsing PHP objects (CVE-2026-6811) -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Remi Collet <remi(a)remirepo.net> - 1.20.1-2 - Respect libbson nesting limit when parsing PHP objects CVE-2026-6811 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2487466 - CVE-2026-6811 php-pecl-mongodb: MongoDB PHP driver: Denial of Service due to stack exhaustion when processing deeply nested BSON documents [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487466 -------------------------------------------------------------------------------- ================================================================================ php-zstd-0.16.0-1.el9 (FEDORA-EPEL-2026-930195f308) Zstandard extension -------------------------------------------------------------------------------- Update Information: Version 0.16.0 add: configurable compression level for APCu serializer (zstd.apcu_compression_level) fix: undefined behavior in zstd_uncompress_add by switching to smart_str API -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Remi Collet <remi(a)remirepo.net> - 0.16.0-1 - update to 0.16.0 -------------------------------------------------------------------------------- ================================================================================ restic-0.19.0-1.el9 (FEDORA-EPEL-2026-dd9886a057) Fast, secure, efficient backup program -------------------------------------------------------------------------------- Update Information: Update to 0.19.0 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 0.19.0-1 - Update to 0.19.0 - Closes rhbz#2487290 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2455642 - CVE-2026-34986 restic: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455642 [ 2 ] Bug #2464131 - CVE-2026-41179 restic: Rclone: Unauthenticated local command execution via exposed RC endpoint [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2464131 [ 3 ] Bug #2464139 - CVE-2026-41176 restic: Rclone: Unauthorized access to administrative functions through unauthenticated Remote Control endpoint. [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2464139 [ 4 ] Bug #2486206 - CVE-2026-45287 restic: OpenTelemetry-Go: Denial of Service due to file descriptor leak [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486206 -------------------------------------------------------------------------------- ================================================================================ rust-clap-4.6.1-1.el9 (FEDORA-EPEL-2026-9dbfd79096) Simple to use, efficient, and full-featured Command Line Argument Parser -------------------------------------------------------------------------------- Update Information: Update the clap and clap_derive crates to version 4.6.1. Update the clap_complete crate to version 4.6.5. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 4.6.1-1 - Update to version 4.6.1; Fixes RHBZ#2458762 -------------------------------------------------------------------------------- ================================================================================ rust-clap_complete-4.6.5-1.el9 (FEDORA-EPEL-2026-9dbfd79096) Generate shell completion scripts for your clap::Command -------------------------------------------------------------------------------- Update Information: Update the clap and clap_derive crates to version 4.6.1. Update the clap_complete crate to version 4.6.5. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 4.6.5-1 - Update to version 4.6.5; Fixes RHBZ#2457489 -------------------------------------------------------------------------------- ================================================================================ rust-clap_derive-4.6.1-1.el9 (FEDORA-EPEL-2026-9dbfd79096) Parse command line argument by defining a struct, derive crate -------------------------------------------------------------------------------- Update Information: Update the clap and clap_derive crates to version 4.6.1. Update the clap_complete crate to version 4.6.5. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 4.6.1-1 - Update to version 4.6.1; Fixes RHBZ#2458763 -------------------------------------------------------------------------------- ================================================================================ rust-warp-0.3.7-7.el9 (FEDORA-EPEL-2026-509ee45ca2) Serve the web at warp speeds -------------------------------------------------------------------------------- Update Information: This update drops an unnecessary dependency on "handlebars" that was only pulled in for example code, which is a change that is invisible to dependent packages. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.3.7-7 - Drop example-only handlebars dev-dependency * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.7-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.7-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sun Jan 19 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.7-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Sat Jul 20 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ singularity-ce-4.4.2-1.el9 (FEDORA-EPEL-2026-d9f99fbd40) Application and environment virtualization -------------------------------------------------------------------------------- Update Information: Upgrade to 4.4.2 upstream version. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 David Trudgian <dtrudg(a)sylabs.io> - 4.4.2-1 - Upgrade to 4.4.2 upstream version. - Fix rhbz#2452368 - Fix rhbz#2453084 - Fix rhbz#2455643 - Fix rhbz#2458928 - Fix CVE-2026-47215 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2452368 - CVE-2026-32285 singularity-ce: github.com/buger/jsonparser: Denial of Service via malformed JSON input [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452368 [ 2 ] Bug #2453084 - CVE-2026-33748 singularity-ce: BuildKit: Unauthorized file access via Git URL fragment subdir components [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453084 [ 3 ] Bug #2455643 - CVE-2026-34986 singularity-ce: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2455643 [ 4 ] Bug #2456377 - CVE-2026-39395 singularity-ce: Cosign: Incorrect attestation verification due to malformed payloads or mismatched predicate types [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456377 [ 5 ] Bug #2458928 - CVE-2026-39984 singularity-ce: improper certificate validation in verifier [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458928 -------------------------------------------------------------------------------- ================================================================================ xournalpp-1.3.5-1.el9 (FEDORA-EPEL-2026-5458c8de9c) Handwriting note-taking software with PDF annotation support -------------------------------------------------------------------------------- Update Information: What's new in version 1.3.5 Fixed crash when exiting after playing sound Fixed some button-to-tools configuration issues Fixed crash involving page background selection Added multidevice support for X11 palm rejection Reduced PDF cache retention for off-screen pages Fixed moving display when selecting "Fit to Screen" Fixed disabled "Merge layer" menu entry Fixed a concurrency crash when using layers Fixed typos in some displayed strings Fixed "Missing background" display when missing PDF page Added Georgian translations Updated translations See the change log for a more detailled list of changes. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Luya Tshimbalanga <luya(a)fedoraproject.org> - 1.3.5-1 - Update to 1.3.5 (#2486189) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486189 - xournalpp-1.3.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2486189 --------------------------------------------------------------------------------

1 0

Upcoming EPEL 10.1 retirement
by Carl George 11 Jun '26

11 Jun '26

Howdy EPEL packagers, In accordance with the EPEL policy for minor version end-of-life [0], EPEL 10.1 will be retired once RHEL 10.2 is released. Based on historical RHEL release dates [1], this is expected to occur sometime this month. After the retirement, MirrorManager will direct RHEL 10 users to the EPEL 10.2 repo instead. Similar to a Fedora release end-of-life, any EPEL 10.1 updates that have not been pushed to stable by the time of the retirement will be marked as obsolete and will not be promoted to stable. Additionally, any outstanding epel10.1 side tags will be removed during the retirement. If you have any questions, feel free to reply here or stop by the EPEL Matrix channel [2]. [0] https://docs.fedoraproject.org/en-US/epel/epel-policy/#policy_for_end_of_li… [1] https://access.redhat.com/articles/red-hat-enterprise-linux-release-dates [2] https://matrix.to/#/#epel:fedoraproject.org -- Carl George

3 4

Fedora EPEL 9 updates-testing report
by updates＠fedoraproject.org 10 Jun '26

10 Jun '26

The following Fedora EPEL 9 Security updates need testing: Age URL 202 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9a55de96db xpdf-4.06-1.el9 48 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-e794b68cc6 nuclei-3.8.0-1.el9 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-b1204dff3a php-extras-8.0.30-3.el9 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-b41e450a81 vaultwarden-web-2026.4.1-1.el9 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-759c8b25a3 vaultwarden-1.36.0-1.el9 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-b18955a7ae chezmoi-2.70.5-1.el9 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-5497484804 composer-2.10.1-1.el9 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-78c9d246b0 apptainer-1.5.1-1.el9 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-df841da3a5 chromium-149.0.7827.53-1.el9 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-4d0b588a17 python-django4.2-4.2.30-2.el9 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-ec3d774387 openslide-3.4.1-20.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing ImageMagick-6.9.13.49-1.el9 bird-3.3.1-1.el9 golang-github-evanw-esbuild-0.27.2-2.el9 python-ujson-5.8.0-5.el9 rust-alphanumeric-sort-1.5.7-1.el9 rust-base64-simd-0.8.0-3.el9 rust-bcder-0.7.7-1.el9 rust-const-oid-0.10.2-1.el9 rust-const-oid0.9-0.9.6-1.el9 rust-const-str-1.1.0-1.el9 rust-const-str-proc-macro-1.1.0-1.el9 rust-digest-0.11.3-1.el9 rust-digest0.10-0.10.7-1.el9 rust-hmac-0.13.0-1.el9 rust-hmac0.12-0.12.1-1.el9 rust-http-1.4.2-1.el9 rust-hyper-1.10.1-1.el9 rust-ignore-0.4.26-1.el9 rust-md-5-0.11.0-1.el9 rust-md-5_0.10-0.10.6-1.el9 rust-pbkdf2-0.12.2-9.el9 rust-platforms-3.11.0-1.el9 rust-quick-xml-0.40.1-1.el9 rust-sha1-0.11.0-1.el9 rust-sha1_0.10-0.10.6-1.el9 rust-sha2-0.11.0-1.el9 rust-sha2_0.10-0.10.9-1.el9 rust-streebog-0.11.0-1.el9 rust-uuid-1.23.3-1.el9 rust-vsimd-0.8.0-6.el9 rust-wayland-scanner-0.31.10-2.el9 Details about builds: ================================================================================ ImageMagick-6.9.13.49-1.el9 (FEDORA-EPEL-2026-2d971fc3b0) An X application for displaying and manipulating images -------------------------------------------------------------------------------- Update Information: Summary This update fixes several security vulnerabilities, including multiple high-severity CVEs: Security fixes CVE-2026-33901 (High) — Heap buffer overflow in the MVG decoder that could result in an out-of-bounds write when processing a crafted image. CVE-2026-33908 (High) — Recursive DestroyXMLTree() call with no depth limit causes stack exhaustion when processing deeply nested XML structures, resulting in a Denial of Service (DoS). CVE-2026-40310 (High) — Heap out-of-bounds write in the JP2 encoder triggered when a user specifies an invalid sampling index. Additional security and bug fixes are included in the upstream releases between 6.9.13.25 and 6.9.13.49. See the upstream release history at: https://github.com/ImageMagick/ImageMagick6/releases -------------------------------------------------------------------------------- ChangeLog: * Wed May 27 2026 Jens Viebig <jens.viebig(a)vitec.com> - 1:6.9.13.49-1 - Update ImageMagick to 6.9.13.49 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2361978 - CVE-2025-46393 ImageMagick: Incorrect Calculation of Buffer Size in ImageMagick's Multispectral MIFF Processing [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2361978 [ 2 ] Bug #2361979 - CVE-2025-46393 ImageMagick: Incorrect Calculation of Buffer Size in ImageMagick's Multispectral MIFF Processing [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2361979 [ 3 ] Bug #2361980 - CVE-2025-43965 ImageMagick: Incorrect Handling of Image Depth in MIFF Processing in ImageMagick [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2361980 [ 4 ] Bug #2361982 - CVE-2025-43965 ImageMagick: Incorrect Handling of Image Depth in MIFF Processing in ImageMagick [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2361982 [ 5 ] Bug #2379979 - CVE-2025-53014 ImageMagick: ImageMagick Heap Buffer Overflow [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2379979 [ 6 ] Bug #2379983 - CVE-2025-53014 ImageMagick: ImageMagick Heap Buffer Overflow [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2379983 [ 7 ] Bug #2379984 - CVE-2025-53015 ImageMagick: ImageMagick unbounded loop [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2379984 [ 8 ] Bug #2379985 - CVE-2025-53014 ImageMagick: ImageMagick Heap Buffer Overflow [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2379985 [ 9 ] Bug #2379986 - CVE-2025-53019 ImageMagick: ImageMagick Memory Leak [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2379986 [ 10 ] Bug #2379987 - CVE-2025-53015 ImageMagick: ImageMagick unbounded loop [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2379987 [ 11 ] Bug #2379989 - CVE-2025-53101 ImageMagick: ImageMagick Stack Buffer Overflow [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2379989 [ 12 ] Bug #2379991 - CVE-2025-53019 ImageMagick: ImageMagick Memory Leak [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2379991 [ 13 ] Bug #2379993 - CVE-2025-53101 ImageMagick: ImageMagick Stack Buffer Overflow [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2379993 [ 14 ] Bug #2388310 - CVE-2025-55160 ImageMagick: ImageMagick: Undefined Behavior [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2388310 -------------------------------------------------------------------------------- ================================================================================ bird-3.3.1-1.el9 (FEDORA-EPEL-2026-af4408a35e) BIRD Internet Routing Daemon -------------------------------------------------------------------------------- Update Information: BIRD 3.3.1 (2026-06-09) BGP: Fix crash when incoming connection for disabled protocol arrives BGP: Fix parsing labelled NLRIs with no next hop BGP: Fix cork behavior in collision with graceful restart BGP: Fix crash on dumping pending export statistics BGP: Fix several issues in Flowspec handling BMP/Nest: No refeed after listener or protocol restart MPLS: Fix crash on reconfiguring CS_DOWN channel OSPF: Fix handling of LLS data length field OSPF: Fix OOB read in authentication check OSPF: Fix OOB read in Router-LSA validation Proto: Fix regression in protocol enabling Channel: Fix refeeds and reloads during graceful restart Export: Mitigate duplicate withdrawals Filters: Fix crash when setting gateway on recursive nexthops Filters: Fix path matching when AS path is too long Table: Fix RCU double-anchor Table: Propagate thread group config into aux RCU: Catch leaks sooner See also: https://trubka.network.cz/pipermail/bird-users/2026-June/018790.html -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2026 Robert Scheck <robert(a)fedoraproject.org> - 3.3.1-1 - Upgrade to 3.3.1 (#2487252) -------------------------------------------------------------------------------- ================================================================================ golang-github-evanw-esbuild-0.27.2-2.el9 (FEDORA-EPEL-2026-5d3e152c80) Fast JavaScript bundler and minifier -------------------------------------------------------------------------------- Update Information: Disable nodejs-esbuild subpackage -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 8 2026 Carl George <carlwgeorge(a)gmail.com> - 0.27.2-2 - Disable nodejs-esbuild subpackage rhbz#2457184 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2457184 - nodejs-esbuild: fails to install from EPEL 9 https://bugzilla.redhat.com/show_bug.cgi?id=2457184 -------------------------------------------------------------------------------- ================================================================================ python-ujson-5.8.0-5.el9 (FEDORA-EPEL-2026-204e38b37f) Ultra fast JSON encoder and decoder written in pure C -------------------------------------------------------------------------------- Update Information: Backport fix for CVE-2026-44660 -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486949 - CVE-2026-44660 python-ujson: UltraJSON: Memory leak leading to Denial of Service [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486949 -------------------------------------------------------------------------------- ================================================================================ rust-alphanumeric-sort-1.5.7-1.el9 (FEDORA-EPEL-2026-0ea59245af) Can help you sort order for files and folders whose names contain numerals -------------------------------------------------------------------------------- Update Information: Update to version 1.5.7. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Fabio Valentini <decathorpe(a)gmail.com> - 1.5.7-1 - Update to version 1.5.7; Fixes RHBZ#2486085 -------------------------------------------------------------------------------- ================================================================================ rust-base64-simd-0.8.0-3.el9 (FEDORA-EPEL-2026-7c5f5513ef) SIMD-accelerated base64 encoding and decoding -------------------------------------------------------------------------------- Update Information: Update rust-const-str / rust-const-str-proc-macro to 1.1.0. -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 7 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.8.0-3 - Allow const-str 1 * Wed Mar 18 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.8.0-2 - Update rand dev-dependency to 0.10 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2392497 - rust-const-str-proc-macro-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2392497 [ 2 ] Bug #2392498 - rust-const-str-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2392498 -------------------------------------------------------------------------------- ================================================================================ rust-bcder-0.7.7-1.el9 (FEDORA-EPEL-2026-19890d0a5c) Handling of data encoded in BER, CER, and DER -------------------------------------------------------------------------------- Update Information: Update to version 0.7.7. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.7.7-1 - Update to version 0.7.7; Fixes RHBZ#2486384 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-const-oid-0.10.2-1.el9 (FEDORA-EPEL-2026-b89b964abe) Const-friendly implementation of the ISO/IEC Object Identifier (OID) standard -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 7 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.10.2-1 - Update to version 0.10.2; Fixes RHBZ#2347316 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.6-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.6-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sun Jan 19 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.6-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Fri Jul 19 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 -------------------------------------------------------------------------------- ================================================================================ rust-const-oid0.9-0.9.6-1.el9 (FEDORA-EPEL-2026-b89b964abe) Const-friendly implementation of the ISO/IEC Object Identifier (OID) standard -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.9.6-1 - Initial compat package -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 -------------------------------------------------------------------------------- ================================================================================ rust-const-str-1.1.0-1.el9 (FEDORA-EPEL-2026-7c5f5513ef) Compile-time string operations -------------------------------------------------------------------------------- Update Information: Update rust-const-str / rust-const-str-proc-macro to 1.1.0. -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 7 2026 Dominik 'Rathann' Mierzejewski <dominik(a)greysector.net> - 1.1.0-1 - update to 1.1.0 (resolves rhbz#2392498) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2392497 - rust-const-str-proc-macro-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2392497 [ 2 ] Bug #2392498 - rust-const-str-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2392498 -------------------------------------------------------------------------------- ================================================================================ rust-const-str-proc-macro-1.1.0-1.el9 (FEDORA-EPEL-2026-7c5f5513ef) Compile-time string operations -------------------------------------------------------------------------------- Update Information: Update rust-const-str / rust-const-str-proc-macro to 1.1.0. -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 7 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.1.0-1 - Update to version 1.1.0; Fixes RHBZ#2392497 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2392497 - rust-const-str-proc-macro-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2392497 [ 2 ] Bug #2392498 - rust-const-str-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2392498 -------------------------------------------------------------------------------- ================================================================================ rust-digest-0.11.3-1.el9 (FEDORA-EPEL-2026-b89b964abe) Traits for cryptographic hash functions and message authentication codes -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 7 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.11.3-1 - Update to version 0.11.3; Fixes RHBZ#2439655 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.7-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.7-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sun Jan 19 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.7-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Fri Jul 19 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.7-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 -------------------------------------------------------------------------------- ================================================================================ rust-digest0.10-0.10.7-1.el9 (FEDORA-EPEL-2026-b89b964abe) Traits for cryptographic hash functions and message authentication codes -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.10.7-1 - Initial compat package -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 -------------------------------------------------------------------------------- ================================================================================ rust-hmac-0.13.0-1.el9 (FEDORA-EPEL-2026-b89b964abe) Generic implementation of Hash-based Message Authentication Code (HMAC) -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 1 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.13.0-1 - Update to version 0.13.0; Fixes RHBZ#2452924 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.12.1-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.12.1-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sun Jan 19 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.12.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Fri Jul 19 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.12.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 -------------------------------------------------------------------------------- ================================================================================ rust-hmac0.12-0.12.1-1.el9 (FEDORA-EPEL-2026-b89b964abe) Generic implementation of Hash-based Message Authentication Code (HMAC) -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.12.1-1 - Initial compat package -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 -------------------------------------------------------------------------------- ================================================================================ rust-http-1.4.2-1.el9 (FEDORA-EPEL-2026-1dcb5bb577) Set of types for representing HTTP requests and responses -------------------------------------------------------------------------------- Update Information: Update to version 1.4.2. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Fabio Valentini <decathorpe(a)gmail.com> - 1.4.2-1 - Update to version 1.4.2; Fixes RHBZ#2486365 -------------------------------------------------------------------------------- ================================================================================ rust-hyper-1.10.1-1.el9 (FEDORA-EPEL-2026-db618db919) Protective and efficient HTTP library for all -------------------------------------------------------------------------------- Update Information: Update to version 1.10.1. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Fabio Valentini <decathorpe(a)gmail.com> - 1.10.1-1 - Update to version 1.10.1; Fixes RHBZ#2483423 -------------------------------------------------------------------------------- ================================================================================ rust-ignore-0.4.26-1.el9 (FEDORA-EPEL-2026-4f520e5105) Fast library for efficiently matching ignore files -------------------------------------------------------------------------------- Update Information: Update to version 0.4.26. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Fabio Valentini <decathorpe(a)gmail.com> - 0.4.26-1 - Update to version 0.4.26; Fixes RHBZ#2485417 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.25-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-md-5-0.11.0-1.el9 (FEDORA-EPEL-2026-b89b964abe) MD5 hash function -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 8 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.11.0-1 - Update to version 0.11.0; Fixes RHBZ#2452306 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.6-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.6-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sun Jan 19 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.6-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Sat Jul 20 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 -------------------------------------------------------------------------------- ================================================================================ rust-md-5_0.10-0.10.6-1.el9 (FEDORA-EPEL-2026-b89b964abe) MD5 hash function -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.10.6-1 - Initial compat package -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 -------------------------------------------------------------------------------- ================================================================================ rust-pbkdf2-0.12.2-9.el9 (FEDORA-EPEL-2026-b89b964abe) Generic implementation of PBKDF2 -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 8 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.12.2-9 - Avoid the streebog dev-dependency * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.12.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 -------------------------------------------------------------------------------- ================================================================================ rust-platforms-3.11.0-1.el9 (FEDORA-EPEL-2026-4955709647) Rust platform registry with information about valid Rust platforms -------------------------------------------------------------------------------- Update Information: Update to version 3.11.0. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Fabio Valentini <decathorpe(a)gmail.com> - 3.11.0-1 - Update to version 3.11.0; Fixes RHBZ#2485512 -------------------------------------------------------------------------------- ================================================================================ rust-quick-xml-0.40.1-1.el9 (FEDORA-EPEL-2026-b89b964abe) High performance xml reader and writer -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 8 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.40.1-1 - Update to version 0.40.1; Fixes RHBZ#2466588 * Mon Jun 8 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.39.4-1 - Update to version 0.39.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 -------------------------------------------------------------------------------- ================================================================================ rust-sha1-0.11.0-1.el9 (FEDORA-EPEL-2026-b89b964abe) SHA-1 hash function -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 8 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.11.0-1 - Update to version 0.11.0; Fixes RHBZ#2452243 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.6-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.6-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sun Jan 19 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.6-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Sat Jul 20 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 -------------------------------------------------------------------------------- ================================================================================ rust-sha1_0.10-0.10.6-1.el9 (FEDORA-EPEL-2026-b89b964abe) SHA-1 hash function -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.10.6-1 - Initial compat package -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 -------------------------------------------------------------------------------- ================================================================================ rust-sha2-0.11.0-1.el9 (FEDORA-EPEL-2026-b89b964abe) Pure Rust implementation of the SHA-2 hash function family -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 8 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.11.0-1 - Update to version 0.11.0; Fixes RHBZ#2451399 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 -------------------------------------------------------------------------------- ================================================================================ rust-sha2_0.10-0.10.9-1.el9 (FEDORA-EPEL-2026-b89b964abe) Pure Rust implementation of the SHA-2 hash function family -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.10.9-1 - Initial compat package -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 -------------------------------------------------------------------------------- ================================================================================ rust-streebog-0.11.0-1.el9 (FEDORA-EPEL-2026-b89b964abe) Streebog (GOST R 34.11-2012) hash function -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 8 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.11.0-1 - Update to version 0.11.0; Fixes RHBZ#2452336 * Sat Jan 17 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.2-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sun Jan 19 2025 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.2-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Sat Jul 20 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 -------------------------------------------------------------------------------- ================================================================================ rust-uuid-1.23.3-1.el9 (FEDORA-EPEL-2026-cc6dd668f2) Library to generate and parse UUIDs -------------------------------------------------------------------------------- Update Information: Update to version 1.23.3. Update to version 1.23.2. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Fabio Valentini <decathorpe(a)gmail.com> - 1.23.3-1 - Update to version 1.23.3; Fixes RHBZ#2486944 * Thu Jun 4 2026 Fabio Valentini <decathorpe(a)gmail.com> - 1.23.2-1 - Update to version 1.23.2; Fixes RHBZ#2458891 -------------------------------------------------------------------------------- ================================================================================ rust-vsimd-0.8.0-6.el9 (FEDORA-EPEL-2026-7c5f5513ef) SIMD utilities -------------------------------------------------------------------------------- Update Information: Update rust-const-str / rust-const-str-proc-macro to 1.1.0. -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 7 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.8.0-6 - Allow const-str 1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2392497 - rust-const-str-proc-macro-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2392497 [ 2 ] Bug #2392498 - rust-const-str-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2392498 -------------------------------------------------------------------------------- ================================================================================ rust-wayland-scanner-0.31.10-2.el9 (FEDORA-EPEL-2026-b89b964abe) Wayland Scanner for generating rust APIs from XML wayland protocol files -------------------------------------------------------------------------------- Update Information: Update a number of RustCrypto crates, providing compat packages for most of them. Update the quick-xml crate to 0.40.1. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.31.10-2 - Update quick-xml to 0.40 and similar to v3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2347316 - rust-const-oid-0.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2347316 [ 2 ] Bug #2439655 - rust-digest-0.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439655 [ 3 ] Bug #2451399 - rust-sha2-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2451399 [ 4 ] Bug #2452243 - rust-sha1-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452243 [ 5 ] Bug #2452306 - rust-md-5-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452306 [ 6 ] Bug #2452336 - rust-streebog-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452336 [ 7 ] Bug #2452924 - rust-hmac-0.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2452924 [ 8 ] Bug #2466588 - rust-quick-xml-0.40.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466588 --------------------------------------------------------------------------------

1 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

epel-devel June 2026