The following Fedora EPEL 9 Security updates need testing: Age URL 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-8e5425643f lua-http-0.3-11.el9 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-dcd0590d66 libmodsecurity-3.0.14-1.el9

The following builds have been pushed to Fedora EPEL 9 updates-testing

fcgi-2.4.0-52.el9 jello-1.6.1-1.el9 libev-epel-4.33-6.el9 prosody-13.0.2-1.el9 python-pylero-0.1.1-1.el9 rust-clap2-2.34.0-12.el9 rust-clap3-3.2.25-6.el9 rust-petgraph0.7-0.7.1-1.el9

Details about builds:

================================================================================ fcgi-2.4.0-52.el9 (FEDORA-EPEL-2025-70ce865582) FastCGI development kit -------------------------------------------------------------------------------- Update Information:

Fix CVE-2025-23016 -------------------------------------------------------------------------------- ChangeLog:

* Fri May 30 2025 Andrew Bauer zonexpertconsulting@outlook.com - 2.4.0-52 - Fix CVE-2025-23016 * Thu Jan 16 2025 Fedora Release Engineering releng@fedoraproject.org - 2.4.0-51 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Wed Jul 17 2024 Fedora Release Engineering releng@fedoraproject.org - 2.4.0-50 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Wed Jan 24 2024 Fedora Release Engineering releng@fedoraproject.org - 2.4.0-49 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering releng@fedoraproject.org - 2.4.0-48 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Jul 19 2023 Fedora Release Engineering releng@fedoraproject.org - 2.4.0-47 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2369269 - CVE-2025-23016 FastCGI integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=2369269 --------------------------------------------------------------------------------

================================================================================ jello-1.6.1-1.el9 (FEDORA-EPEL-2025-78332c98d8) Query JSON at the command line with Python syntax -------------------------------------------------------------------------------- Update Information:

jello 20250529 v1.6.1 Add the -R option to ingest the data as a raw string instead of converting to a dict/list Add more information to query errors Add the ability to add more information to the query scope Add Python runtime information to -v option -------------------------------------------------------------------------------- ChangeLog:

* Fri May 30 2025 Benjamin A. Beasley code@musicinmybrain.net - 1.6.1-1 - Update to 1.6.1 (close RHBZ#2369302) * Fri May 30 2025 Benjamin A. Beasley code@musicinmybrain.net - 1.6.0-4 - Replace deprecated license_file with license_files in setup.cfg * Fri May 30 2025 Benjamin A. Beasley code@musicinmybrain.net - 1.6.0-3 - Assert that %pyproject_files contains a license file * Fri May 30 2025 Benjamin A. Beasley code@musicinmybrain.net - 1.6.0-2 - F38+: Use %{py3_test_envvars} -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2369302 - jello-1.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2369302 --------------------------------------------------------------------------------

================================================================================ libev-epel-4.33-6.el9 (FEDORA-EPEL-2025-6c98adc63f) High-performance event loop/event model with lots of features -------------------------------------------------------------------------------- Update Information:

Synchronize with CentOS Stream sources -------------------------------------------------------------------------------- ChangeLog:

* Fri May 30 2025 Peter Georg peter.georg@physik.uni-regensburg.de - 4.33-6 - EPEL missing subpackages (-libevent-devel, -source) only package * Tue Sep 17 2024 Mohan Boddu mboddu@redhat.com - 4.33-6 - add -devel subpackage into CRB - Resolves: RHEL-38617 --------------------------------------------------------------------------------

================================================================================ prosody-13.0.2-1.el9 (FEDORA-EPEL-2025-4d01463b03) Flexible communications server for Jabber/XMPP -------------------------------------------------------------------------------- Update Information:

Prosody 13.0.2 Upstream is pleased to announce a new minor release from their stable branch. This update addresses various issues that have been noticed since the previous release, as well as a few improvements, including some important fixes for invites. Some log messages and prosodyctl commands have been improved as well. Fixes and improvements mod_storage_internal: Fix queries with only start returning extra items mod_invites_register: Stricter validation of registration events Minor changes MUC: Ensure allow MUC PM setting has valid value mod_storage_sql: Delay showing SQL library error until attempted load mod_storage_sql: Handle failure to deploy new UNIQUE index mod_storage_sql: Add shell command to create tables and indices (again) mod_s2s: Fix log to use formatting instead of concatenation modulemanager, util.pluginloader: Improve error message when load fails but some candidates were filtered prosodyctl check config: add recommendation to switch from admin_telnet to shell mod_storage_sql: Retrieve all indices to see if the new one exists prosodyctl check config: List modules which Prosody cannot successfully load net.http.files: Fix issue with caching util.jsonschema: Fix handling of false as schema mod_invites: Consider password reset a distinct type wrt invite page configmanager: Emit config warning when referencing non-existent value mod_admin_shell: Add role:list() and role:show() commands MUC: Fix nickname registration form error handling MUC: Fix Error when join stanza sent without resource MUC: Factor out identification of join stanza mod_invites_register: Don’t restrict username for roster invites mod_admin_shell: Fix matching logic in s2s:close mod_authz_internal: Improve error message when invalid role specified mod_http_file_share: Add media-src ‘self’ to Content-Security-Policy header mod_admin_shell: Visual tweaks to the output of debug:cert_index() mod_http: Log problems parsing IP addresses in X-Forwarded-For mod_http: Fix IP address normalization util.prosodyctl.check: Improve reporting of DNS lookup problems -------------------------------------------------------------------------------- ChangeLog:

* Fri May 30 2025 Robert Scheck robert@fedoraproject.org 13.0.2-1 - Upgrade to 13.0.2 (#2369268) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2369268 - prosody-13.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2369268 --------------------------------------------------------------------------------

================================================================================ python-pylero-0.1.1-1.el9 (FEDORA-EPEL-2025-bbdbf77c1e) Python SDK for Polarion -------------------------------------------------------------------------------- Update Information:

python-pylero 0.1.1-1 -------------------------------------------------------------------------------- ChangeLog:

* Fri May 30 2025 Wayne Sun gsun@redhat.com 0.1.1-1 - Update to 0.1.1 --------------------------------------------------------------------------------

================================================================================ rust-clap2-2.34.0-12.el9 (FEDORA-EPEL-2025-973345d0ea) Simple to use, efficient, and full-featured Command Line Argument Parser -------------------------------------------------------------------------------- Update Information:

Port clap v2 and v3 from the unmaintained and obsolete attycrate to interfaces provided by the Rust standard library since 1.70.0. -------------------------------------------------------------------------------- ChangeLog:

* Fri May 30 2025 Fabio Valentini decathorpe@gmail.com - 2.34.0-12 - Drop atty dependency and replace with std::io::IsTerminal * Sat Mar 15 2025 Benjamin A. Beasley code@musicinmybrain.net - 2.34.0-11 - Update strsim to 0.11 * Sun Jan 19 2025 Fedora Release Engineering releng@fedoraproject.org - 2.34.0-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --------------------------------------------------------------------------------

================================================================================ rust-clap3-3.2.25-6.el9 (FEDORA-EPEL-2025-973345d0ea) Simple to use, efficient, and full-featured Command Line Argument Parser -------------------------------------------------------------------------------- Update Information:

Port clap v2 and v3 from the unmaintained and obsolete attycrate to interfaces provided by the Rust standard library since 1.70.0. -------------------------------------------------------------------------------- ChangeLog:

* Fri May 30 2025 Fabio Valentini decathorpe@gmail.com - 3.2.25-6 - Drop atty dependency and replace with std::io::IsTerminal * Sat Mar 15 2025 Benjamin A. Beasley code@musicinmybrain.net - 3.2.25-5 - Update strsim to 0.11 * Sun Jan 19 2025 Fedora Release Engineering releng@fedoraproject.org - 3.2.25-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Fri Jul 19 2024 Fedora Release Engineering releng@fedoraproject.org - 3.2.25-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Fri Jan 26 2024 Fedora Release Engineering releng@fedoraproject.org - 3.2.25-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --------------------------------------------------------------------------------

================================================================================ rust-petgraph0.7-0.7.1-1.el9 (FEDORA-EPEL-2025-6d955ce542) Graph data structure library -------------------------------------------------------------------------------- Update Information:

Initial import of the petgraph 0.7 compat package for EPEL 9. -------------------------------------------------------------------------------- ChangeLog:

* Wed May 14 2025 Fabio Valentini decathorpe@gmail.com - 0.7.1-1 - Initial import (petgraph 0.7 compat package) --------------------------------------------------------------------------------