https://bugzilla.redhat.com/show_bug.cgi?id=2283798
Bug ID: 2283798
Summary: Location of unix socket is hardcoded in /etc/sysconfig/valkey
Product: Fedora
Version: 39
Hardware: x86_64
OS: Linux
Status: NEW
Component: valkey
Severity: high
Assignee: jonathan(a)almalinux.org
Reporter: fedora(a)joshuanoeske.de
CC: epel-packagers-sig(a)lists.fedoraproject.org, fedora(a)famillecollet.com, jonathan(a)almalinux.org, nathans(a)redhat.com, ngompa13(a)gmail.com
Target Milestone: ---
Classification: Fedora
Changing the location of the unixsocket in /etc/valkey/valkey.conf does not
actually change its location as it is hardcoded in /etc/sysconfig/valkey. It
took me quite some time to figure out why the location of my socket was not
changing although I changed it. Either inform users about that or remove the
hardcoded location of the socket, please.
Reproducible: Always
Steps to Reproduce:
1. Change location of unix socket in /etc/valkey/valkey.conf
2. Restart valkey
Actual Results:
Unix socket still at /var/run/valkey/valkey.conf
Expected Results:
Change the location of the unixsocket.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2283798
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2459120
Bug ID: 2459120
Summary: CVE-2026-31988 yarnpkg: yauzl: Denial of Service vulnerability in zip file processing [fedora-all]
Product: Fedora
Version: rawhide
Status: NEW
Whiteboard: {"flaws": ["bfb7320a-4811-418d-8af7-ef92c1aea9d3"]}
Component: yarnpkg
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: ngompa13(a)gmail.com
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org, manisandro(a)gmail.com, ngompa13(a)gmail.com
Blocks: 2446882
Target Milestone: ---
Classification: Fedora
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
https://bugzilla.redhat.com/show_bug.cgi?id=2459117
Bug ID: 2459117
Summary: CVE-2026-31988 yarnpkg: yauzl: Denial of Service vulnerability in zip file processing [epel-all]
Product: Fedora EPEL
Version: epel10
Status: NEW
Whiteboard: {"flaws": ["bfb7320a-4811-418d-8af7-ef92c1aea9d3"]}
Component: yarnpkg
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: ngompa13(a)gmail.com
Reporter: saroy(a)redhat.com
CC: epel-packagers-sig(a)lists.fedoraproject.org, manisandro(a)gmail.com, ngompa13(a)gmail.com
Blocks: 2446882
Target Milestone: ---
Classification: Fedora
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
The following is a list of bugs or attachments to bugs in which a user has been
waiting more than 3 days for a response from you. Please take
action on these requests as quickly as possible. (Note that some of these bugs
might already be closed, but a user is still waiting for your response.)
We'll remind you again tomorrow if these requests are still outstanding, or if
there are any new requests where users have been waiting more than 3
days for your response.
If you want these mails to stop you need to go to the bug[s] and cancel or ack the
needinfo flags. See:
* https://bugzilla.redhat.com/page.cgi?id=faq.html#flags point 3
* https://bugzilla.redhat.com/page.cgi?id=faq.html#miscellaneous point 2
needinfo
--------
Bug 2390252: Please branch and build python-pylibmc in epel10 (77 days old)
https://bugzilla.redhat.com/show_bug.cgi?id=2390252
To see all your outstanding requests, visit:
https://bugzilla.redhat.com/request.cgi?action=queue&requestee=epel-package…
https://bugzilla.redhat.com/show_bug.cgi?id=2459007
Bug ID: 2459007
Summary: CVE-2026-40192 python-pillow: Pillow: Denial of Service via decompression bomb in FITS image processing [fedora-all]
Product: Fedora
Version: rawhide
Status: NEW
Whiteboard: {"flaws": ["81a2bfd3-cd4e-4ab7-8c42-ad351ed85e88"]}
Component: python-pillow
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: manisandro(a)gmail.com
Reporter: jmoroney(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org, infra-sig(a)lists.fedoraproject.org, manisandro(a)gmail.com, python-packagers-sig(a)lists.fedoraproject.org
Blocks: 2458856 (CVE-2026-40192)
Target Milestone: ---
Classification: Fedora
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2458856
[Bug 2458856] CVE-2026-40192 Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing
https://bugzilla.redhat.com/show_bug.cgi?id=2459001
Bug ID: 2459001
Summary: CVE-2026-40192 python-pillow: Pillow: Denial of Service via decompression bomb in FITS image processing [epel-all]
Product: Fedora EPEL
Version: epel10
Status: NEW
Whiteboard: {"flaws": ["81a2bfd3-cd4e-4ab7-8c42-ad351ed85e88"]}
Component: python-pillow
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: manisandro(a)gmail.com
Reporter: jmoroney(a)redhat.com
CC: epel-packagers-sig(a)lists.fedoraproject.org, infra-sig(a)lists.fedoraproject.org, manisandro(a)gmail.com, python-packagers-sig(a)lists.fedoraproject.org
Blocks: 2458856
Target Milestone: ---
Classification: Fedora
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
https://bugzilla.redhat.com/show_bug.cgi?id=2458995
Bug ID: 2458995
Summary: CVE-2026-5160 hugo: github.com/yuin/goldmark/renderer/html: Cross-site Scripting due to improper URL validation [fedora-all]
Product: Fedora
Version: rawhide
Status: NEW
Whiteboard: {"flaws": ["cb382483-f9e5-4f20-accc-9fec2d2dfdfa"]}
Component: hugo
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: athoscribeiro(a)gmail.com
Reporter: mbenatto(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: athoscribeiro(a)gmail.com, epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, loranallensmith(a)gmail.com, neil(a)shrug.pw, quantum.analyst(a)gmail.com, redhat(a)flyn.org
Blocks: 2458616
Target Milestone: ---
Classification: Fedora
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
https://bugzilla.redhat.com/show_bug.cgi?id=2458992
Bug ID: 2458992
Summary: CVE-2026-5160 golang-x-tools: github.com/yuin/goldmark/renderer/html: Cross-site Scripting due to improper URL validation [fedora-all]
Product: Fedora
Version: rawhide
Status: NEW
Whiteboard: {"flaws": ["cb382483-f9e5-4f20-accc-9fec2d2dfdfa"]}
Component: golang-x-tools
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mark.e.fuller(a)gmx.de
Reporter: mbenatto(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, mark.e.fuller(a)gmx.de, quantum.analyst(a)gmail.com
Blocks: 2458616
Target Milestone: ---
Classification: Fedora
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
https://bugzilla.redhat.com/show_bug.cgi?id=2458989
Bug ID: 2458989
Summary: CVE-2026-5160 golang-github-yuin-goldmark: github.com/yuin/goldmark/renderer/html: Cross-site Scripting due to improper URL validation [fedora-all]
Product: Fedora
Version: rawhide
Status: NEW
Whiteboard: {"flaws": ["cb382483-f9e5-4f20-accc-9fec2d2dfdfa"]}
Component: golang-github-yuin-goldmark
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: quantum.analyst(a)gmail.com
Reporter: mbenatto(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, quantum.analyst(a)gmail.com
Blocks: 2458616
Target Milestone: ---
Classification: Fedora
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.