https://bugzilla.redhat.com/show_bug.cgi?id=2418489
Bug ID: 2418489
Summary: CVE-2025-65896 python-asyncmy: Asyncmy SQL injection [fedora-43]
Product: Fedora
Version: 43
Status: NEW
Whiteboard: {"flaws": ["15c909b6-40cb-48a6-8eef-a770c657891e"]}
Component: python-asyncmy
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: nphilipp(a)redhat.com
Reporter: jmoroney(a)redhat.com
CC: epel-packagers-sig(a)lists.fedoraproject.org,
nphilipp(a)redhat.com,
python-packagers-sig(a)lists.fedoraproject.org
Blocks: 2418446
Target Milestone: ---
Classification: Fedora
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability
management information. If something is wrong or missing, please contact a
member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essent…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2418489
https://bugzilla.redhat.com/show_bug.cgi?id=2418488
Bug ID: 2418488
Summary: CVE-2025-65896 python-asyncmy: Asyncmy SQL injection [fedora-42]
Product: Fedora
Version: 42
Status: NEW
Whiteboard: {"flaws": ["15c909b6-40cb-48a6-8eef-a770c657891e"]}
Component: python-asyncmy
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: nphilipp(a)redhat.com
Reporter: jmoroney(a)redhat.com
CC: epel-packagers-sig(a)lists.fedoraproject.org,
nphilipp(a)redhat.com,
python-packagers-sig(a)lists.fedoraproject.org
Blocks: 2418446
Target Milestone: ---
Classification: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=2418538
Bug ID: 2418538
Summary: CVE-2025-64756 yarnpkg: glob CLI: Command injection via -c/--cmd executes matches with shell:true [fedora-43]
Product: Fedora
Version: 43
Status: NEW
Whiteboard: {"flaws": ["7ad95cb4-2965-4f70-8f15-6308b9c0ec95"]}
Component: yarnpkg
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: ngompa13(a)gmail.com
Reporter: mbenatto(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, ngompa13(a)gmail.com
Blocks: 2415451
Target Milestone: ---
Classification: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=2418532
Bug ID: 2418532
Summary: CVE-2025-64756 yarnpkg: glob CLI: Command injection via -c/--cmd executes matches with shell:true [fedora-42]
Product: Fedora
Version: 42
Status: NEW
Whiteboard: {"flaws": ["7ad95cb4-2965-4f70-8f15-6308b9c0ec95"]}
Component: yarnpkg
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: ngompa13(a)gmail.com
Reporter: mbenatto(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, ngompa13(a)gmail.com
Blocks: 2415451
Target Milestone: ---
Classification: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=2418529
Bug ID: 2418529
Summary: CVE-2025-64756 yarnpkg: glob CLI: Command injection via -c/--cmd executes matches with shell:true [epel-10]
Product: Fedora EPEL
Version: epel10
Status: NEW
Whiteboard: {"flaws": ["7ad95cb4-2965-4f70-8f15-6308b9c0ec95"]}
Component: yarnpkg
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: ngompa13(a)gmail.com
Reporter: mbenatto(a)redhat.com
CC: epel-packagers-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, ngompa13(a)gmail.com
Blocks: 2415451
Target Milestone: ---
Classification: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=2400659
Bug ID: 2400659
Summary: CVE-2025-9230 openssl3: Out-of-bounds read & write in RFC 3211 KEK Unwrap [epel-8]
Product: Fedora EPEL
Version: epel8
Status: NEW
Whiteboard: {"flaws": ["40846a52-d986-44af-b942-12ac2aa656f3"]}
Component: openssl3
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: michel(a)michel-slm.name
Reporter: mfindra(a)redhat.com
CC: epel-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name
Blocks: 2396054 (CVE-2025-9230)
Target Milestone: ---
Classification: Fedora
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2396054
[Bug 2396054] CVE-2025-9230 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
https://bugzilla.redhat.com/show_bug.cgi?id=2420960
Bug ID: 2420960
Summary: Please branch and build zile in epel10
Product: Fedora EPEL
Version: epel10
Status: NEW
Component: zile
Assignee: epel-packagers-sig(a)lists.fedoraproject.org
Reporter: michel(a)michel-slm.name
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name, spacewar(a)gmail.com
Target Milestone: ---
Classification: Fedora
Please branch and build zile in epel10.
https://bugzilla.redhat.com/show_bug.cgi?id=2368746
Bug ID: 2368746
Summary: python-oslo-log fails to build with Python 3.14: 2 test failures (MismatchErrors)
Product: Fedora
Version: rawhide
Status: NEW
Component: python-oslo-log
Severity: urgent
Assignee: extras-orphan(a)fedoraproject.org
Reporter: mhroncok(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: apevec(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
extras-orphan(a)fedoraproject.org, karlthered(a)gmail.com,
ksurma(a)redhat.com, mhroncok(a)redhat.com,
openstack-sig(a)lists.fedoraproject.org
Blocks: 2322407 (PYTHON3.14)
Target Milestone: ---
Classification: Fedora
python-oslo-log fails to build with Python 3.14.0b2.
==============================
Failed 2 tests - output below:
==============================
oslo_log.tests.unit.test_rate_limit.LogRateLimitTestCase.test_rate_limit_except_level
-------------------------------------------------------------------------------------
Captured traceback:
~~~~~~~~~~~~~~~~~~~
Traceback (most recent call last):
File "/usr/lib64/python3.14/unittest/mock.py", line 1427, in patched
return func(*newargs, **newkeywargs)
File
"/builddir/build/BUILD/python-oslo-log-6.1.2-build/oslo.log-6.1.2/oslo_log/tests/unit/test_rate_limit.py",
line 87, in test_rate_limit_except_level
self.assertEqual(stream.getvalue(),
~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^
'error 1\n'
^^^^^^^^^^^
'Logging rate limit: drop after 1 records/1 sec\n'
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
'critical 3\n'
^^^^^^^^^^^^^^
'critical 4\n')
^^^^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/testtools/testcase.py", line 421,
in assertEqual
self.assertThat(observed, matcher, message)
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/testtools/testcase.py", line 511,
in assertThat
raise mismatch_error
testtools.matchers._impl.MismatchError: !=:
reference = '''\
error 1
critical 3
critical 4
'''
actual = '''\
error 1
Logging rate limit: drop after 1 records/1 sec
critical 3
critical 4
'''
oslo_log.tests.unit.test_rate_limit.LogRateLimitTestCase.test_rate_limit
------------------------------------------------------------------------
Captured traceback:
~~~~~~~~~~~~~~~~~~~
Traceback (most recent call last):
File "/usr/lib64/python3.14/unittest/mock.py", line 1427, in patched
return func(*newargs, **newkeywargs)
File
"/builddir/build/BUILD/python-oslo-log-6.1.2-build/oslo.log-6.1.2/oslo_log/tests/unit/test_rate_limit.py",
line 59, in test_rate_limit
self.assertEqual(stream.getvalue(),
~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^
'message 1\n'
^^^^^^^^^^^^^
'message 2\n'
^^^^^^^^^^^^^
'Logging rate limit: drop after 2 records/1 sec\n')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/testtools/testcase.py", line 421,
in assertEqual
self.assertThat(observed, matcher, message)
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/testtools/testcase.py", line 511,
in assertThat
raise mismatch_error
testtools.matchers._impl.MismatchError: !=:
reference = '''\
message 1
message 2
'''
actual = '''\
message 1
message 2
Logging rate limit: drop after 2 records/1 sec
'''
======
Totals
======
Ran: 187 tests in 1.2868 sec.
- Passed: 184
- Skipped: 1
- Expected Fail: 0
- Unexpected Success: 0
- Failed: 2
Sum of execute time for each test: 1.4155 sec.
==============
Worker Balance
==============
- Worker 0 (94 tests) => 0:00:00.200413
- Worker 1 (93 tests) => 0:00:01.249145
py314: exit 1 (2.22 seconds)
/builddir/build/BUILD/python-oslo-log-6.1.2-build/oslo.log-6.1.2> stestr run
pid=855
py314: FAIL code 1 (2.23 seconds)
evaluation failed :( (2.32 seconds)
https://docs.python.org/3.14/whatsnew/3.14.html
For the build logs, see:
https://copr-be.cloud.fedoraproject.org/results/@python/python3.14/fedora-r…
For all our attempts to build python-oslo-log with Python 3.14, see:
https://copr.fedorainfracloud.org/coprs/g/python/python3.14/package/python-…
Testing and mass rebuild of packages is happening in copr.
You can follow these instructions to test locally in mock if your package
builds with Python 3.14:
https://copr.fedorainfracloud.org/coprs/g/python/python3.14/
Let us know here if you have any questions.
Python 3.14 is planned to be included in Fedora 43.
To make that update smoother, we're building Fedora packages with all
pre-releases of Python 3.14.
A build failure prevents us from testing all dependent packages (transitive [Build]Requires), so if this package is required a lot, it's important for us to get it fixed soon.
We'd appreciate help from the people who know this package best, but if you don't want to work on this now, let us know so we can try to work around it on our side.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2322407
[Bug 2322407] Python 3.14