December 2025 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2417543] New: python-hypothesis-6.148.3 is available
by bugzilla＠redhat.com 23 Jan '26

23 Jan '26

https://bugzilla.redhat.com/show_bug.cgi?id=2417543 Bug ID: 2417543 Summary: python-hypothesis-6.148.3 is available Product: Fedora Version: rawhide Status: NEW Component: python-hypothesis Keywords: FutureFeature, Triaged Assignee: mhroncok(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: davide(a)cavalca.name, epel-packagers-sig(a)lists.fedoraproject.org, igor.raits(a)gmail.com, kkeithle(a)redhat.com, mhroncok(a)redhat.com, michel(a)michel-slm.name, pingou(a)pingoured.fr, python-packagers-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 6.148.3 Upstream release that is considered latest: 6.148.3 Current version/release in rawhide: 6.123.0-7.fc44 URL: https://hypothesis.works/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/7372/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-hypothesis -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2417543 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 12

[Bug 2426332] New: fennel-1.6.1 is available
by bugzilla＠redhat.com 23 Jan '26

23 Jan '26

https://bugzilla.redhat.com/show_bug.cgi?id=2426332 Bug ID: 2426332 Summary: fennel-1.6.1 is available Product: Fedora Version: rawhide Status: NEW Component: fennel Keywords: FutureFeature, Triaged Assignee: michel(a)michel-slm.name Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, lua-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora Releases retrieved: 1.6.1 Upstream release that is considered latest: 1.6.1 Current version/release in rawhide: 1.6.0-1.fc44 URL: https://fennel-lang.org/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/22691/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/fennel -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2426332 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 16

[Bug 2420140] New: FBX exporter does not work
by bugzilla＠redhat.com 23 Jan '26

23 Jan '26

https://bugzilla.redhat.com/show_bug.cgi?id=2420140 Bug ID: 2420140 Summary: FBX exporter does not work Product: Fedora Version: 43 Hardware: x86_64 OS: Linux Status: NEW Component: blender Severity: high Assignee: luya_tfz(a)thefinalzone.net Reporter: snuutti(a)protonmail.com QA Contact: extras-qa(a)fedoraproject.org CC: code(a)musicinmybrain.net, design-devel(a)lists.fedoraproject.org, epel-packagers-sig(a)lists.fedoraproject.org, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com Target Milestone: --- Classification: Fedora Blender's FBX export functionality no longer works after upgrading to Fedora 43. When attempting to export to the FBX format, an error popup is shown instead. This issue doesn't require a specific blender file to happen, it happens even with just the default unchanged scene. This happens on both of my machines, both with fresh Blender installations. Reproducible: Always Steps to Reproduce: 1. Open Blender 2. Go to File->Export->FBX 3. Click Export FBX 4. Notice the error popup Actual Results: A popup displaying a bunch of Python tracebacks is shown. Expected Results: Create the FBX file of the 3D model. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2420140 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 9

[Bug 2415198] New: python-asttokens-3.0.1 is available
by bugzilla＠redhat.com 22 Jan '26

22 Jan '26

https://bugzilla.redhat.com/show_bug.cgi?id=2415198 Bug ID: 2415198 Summary: python-asttokens-3.0.1 is available Product: Fedora Version: rawhide Status: NEW Component: python-asttokens Keywords: FutureFeature, Triaged Assignee: zbyszek(a)in.waw.pl Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name, romain.geissler(a)amadeus.com, zbyszek(a)in.waw.pl Target Milestone: --- Classification: Fedora Releases retrieved: 3.0.1 Upstream release that is considered latest: 3.0.1 Current version/release in rawhide: 3.0.0-5.fc44 URL: https://pypi.python.org/pypi/asttokens Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/19936/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-asttokens -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2415198 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 2

[Bug 2419631] New: CVE-2025-66577 cpp-httplib: cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust [fedora-42]
by bugzilla＠redhat.com 22 Jan '26

22 Jan '26

https://bugzilla.redhat.com/show_bug.cgi?id=2419631 Bug ID: 2419631 Summary: CVE-2025-66577 cpp-httplib: cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust [fedora-42] Product: Fedora Version: 42 Status: NEW Whiteboard: {"flaws": ["64ef2a64-7089-421a-86ab-7b8bc2d0d192"]} Component: cpp-httplib Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: pemensik(a)redhat.com Reporter: jmoroney(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, orion(a)nwra.com, pemensik(a)redhat.com Blocks: 2419506 Target Milestone: --- Classification: Fedora Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT. https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essent… -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2419631 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 3

[Bug 2419548] New: CVE-2025-66570 cpp-httplib: cpp-httplib Untrusted HTTP Header Handling [fedora-42]
by bugzilla＠redhat.com 22 Jan '26

22 Jan '26

https://bugzilla.redhat.com/show_bug.cgi?id=2419548 Bug ID: 2419548 Summary: CVE-2025-66570 cpp-httplib: cpp-httplib Untrusted HTTP Header Handling [fedora-42] Product: Fedora Version: 42 Status: NEW Whiteboard: {"flaws": ["0069bd81-787e-4cd2-a322-abbd4281ad3c"]} Component: cpp-httplib Keywords: Security, SecurityTracking Severity: urgent Priority: urgent Assignee: pemensik(a)redhat.com Reporter: jmoroney(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, orion(a)nwra.com, pemensik(a)redhat.com Blocks: 2419501 Target Milestone: --- Classification: Fedora Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT. https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essent… -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2419548 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 3

[Bug 2379431] New: CVE-2025-53629 cpp-httplib: cpp-httplib Unbounded Memory Allocation in Chunked/No-Length Requests Vulnerability [fedora-42]
by bugzilla＠redhat.com 22 Jan '26

22 Jan '26

https://bugzilla.redhat.com/show_bug.cgi?id=2379431 Bug ID: 2379431 Summary: CVE-2025-53629 cpp-httplib: cpp-httplib Unbounded Memory Allocation in Chunked/No-Length Requests Vulnerability [fedora-42] Product: Fedora Version: 42 Status: NEW Whiteboard: {"flaws": ["a887e510-2f3f-43f8-a1d6-2407f9573f38"]} Component: cpp-httplib Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: pemensik(a)redhat.com Reporter: jmoroney(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, orion(a)nwra.com, pemensik(a)redhat.com Blocks: 2379389 Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2379389 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2379431 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 3

[Bug 2364284] New: CVE-2025-46728 cpp-httplib: cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests [fedora-42]
by bugzilla＠redhat.com 22 Jan '26

22 Jan '26

https://bugzilla.redhat.com/show_bug.cgi?id=2364284 Bug ID: 2364284 Summary: CVE-2025-46728 cpp-httplib: cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests [fedora-42] Product: Fedora Version: 42 Status: NEW Whiteboard: {"flaws": ["01fb962b-0af2-4cde-81a7-2ce8beff6043"]} Component: cpp-httplib Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: pemensik(a)redhat.com Reporter: ahanwate(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, orion(a)nwra.com, pemensik(a)redhat.com Blocks: 2364271 Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2364271 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2364284 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 3

[Bug 2403696] New: CVE-2025-11731 mingw-libxslt: Type Confusion in exsltFuncResultCompfunction of libxslt [fedora-all]
by bugzilla＠redhat.com 22 Jan '26

22 Jan '26

https://bugzilla.redhat.com/show_bug.cgi?id=2403696 Bug ID: 2403696 Summary: CVE-2025-11731 mingw-libxslt: Type Confusion in exsltFuncResultCompfunction of libxslt [fedora-all] Product: Fedora Version: 42 Status: NEW Whiteboard: {"flaws": ["90c8e177-1af9-4400-8110-d44e8ef710c0"]} Component: mingw-libxslt Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: kalevlember(a)gmail.com Reporter: abhraj(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, kalevlember(a)gmail.com, manisandro(a)gmail.com, orion(a)nwra.com, rjones(a)redhat.com Blocks: 2403688 Target Milestone: --- Classification: Fedora Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT. https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essent… -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2403696 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2398129] New: CVE-2025-10911 mingw-libxslt: use-after-free with key data stored cross-RVT [fedora-42]
by bugzilla＠redhat.com 22 Jan '26

22 Jan '26

https://bugzilla.redhat.com/show_bug.cgi?id=2398129 Bug ID: 2398129 Summary: CVE-2025-10911 mingw-libxslt: use-after-free with key data stored cross-RVT [fedora-42] Product: Fedora Version: 42 Status: NEW Whiteboard: {"flaws": ["cd207b46-2579-4110-9899-3eebc5197e84"]} Component: mingw-libxslt Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: kalevlember(a)gmail.com Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, kalevlember(a)gmail.com, manisandro(a)gmail.com, orion(a)nwra.com, rjones(a)redhat.com Blocks: 2397838 Target Milestone: --- Classification: Fedora Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT. https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essent… -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2398129 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

2026

2025

2024

2023

2022

2021

Epel-packagers-sig December 2025