
Fedora Linux has implemented a series of security updates, which include mysql8.0-8.0.41-1.fc41, trunk-0.21.13-1.fc41, workrave-1.11.0~rc.1-1.fc41, mod_auth_openidc-2.4.16.11-1.fc41, perl-String-Compare-ConstantTime-0.321-19.fc40, rust-openssl-0.10.72-1.fc40, and workrave-1.11.0~rc.1-1.fc42:

Fedora 41 Update: mysql8.0-8.0.41-1.fc41
Fedora 41 Update: trunk-0.21.13-1.fc41
Fedora 41 Update: workrave-1.11.0~rc.1-1.fc41
Fedora 41 Update: mod_auth_openidc-2.4.16.11-1.fc41
Fedora 40 Update: perl-String-Compare-ConstantTime-0.321-19.fc40
Fedora 40 Update: rust-openssl-0.10.72-1.fc40
Fedora 40 Update: rust-openssl-sys-0.9.107-1.fc40
Fedora 40 Update: mysql8.0-8.0.41-1.fc40
Fedora 40 Update: workrave-1.11.0~rc.1-1.fc40
Fedora 40 Update: mod_auth_openidc-2.4.16.11-1.fc40
Fedora 42 Update: giflib-5.2.2-6.fc42
Fedora 42 Update: perl-PAR-Packer-1.063-6.fc42
Fedora 42 Update: perl-Devel-Cover-1.44-5.fc42
Fedora 42 Update: perl-5.40.2-517.fc42
Fedora 42 Update: perl-String-Compare-ConstantTime-0.321-22.fc42
Fedora 42 Update: rust-openssl-0.10.72-1.fc42
Fedora 42 Update: rust-openssl-sys-0.9.107-1.fc42
Fedora 42 Update: workrave-1.11.0~rc.1-1.fc42




[SECURITY] Fedora 41 Update: mysql8.0-8.0.41-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8352a35e30
2025-04-17 19:46:50.126388+00:00
--------------------------------------------------------------------------------

Name : mysql8.0
Product : Fedora 41
Version : 8.0.41
Release : 1.fc41
URL : http://www.mysql.com
Summary : MySQL client programs and shared libraries
Description :
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MySQL client programs and generic MySQL files.

--------------------------------------------------------------------------------
Update Information:

MySQL 8.0.41
Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-41.html
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 28 2025 Michal Schorm [mschorm@redhat.com] - 8.0.41-1
- Rebase to MySQL 8.0.41
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 8.0.40-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sun Dec 8 2024 Pete Walter [pwalter@fedoraproject.org] - 8.0.40-2
- Rebuild for ICU 76
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2341770 - mysql8.0: Oracle CPU 2025-01 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2341770
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8352a35e30' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: trunk-0.21.13-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a265e06eb2
2025-04-17 19:46:50.126377+00:00
--------------------------------------------------------------------------------

Name : trunk
Product : Fedora 41
Version : 0.21.13
Release : 1.fc41
URL : https://github.com/trunk-rs/trunk
Summary : Build, bundle & ship your Rust WASM application to the web
Description :
Build, bundle & ship your Rust WASM application to the web.

--------------------------------------------------------------------------------
Update Information:

Update Trunk to v0.21.13
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 8 2025 Jens Reimann [ctron@dentrassi.de] - 0.21.13-1
- Update Trunk to v0.21.13
* Mon Feb 3 2025 Jens Reimann [ctron@dentrassi.de] - 0.21.7-1
- chore: update to version 0.21.7
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.21.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2357944 - CVE-2025-3416 trunk: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2357944
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a265e06eb2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: workrave-1.11.0~rc.1-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d611c8d114
2025-04-17 19:46:50.126382+00:00
--------------------------------------------------------------------------------

Name : workrave
Product : Fedora 41
Version : 1.11.0~rc.1
Release : 1.fc41
URL : https://workrave.org/
Summary : Program that assists in the recovery and prevention of RSI
Description :
Workrave is a program that assists in the recovery and prevention of
Repetitive Strain Injury (RSI). The program frequently alerts you to
take micro-pauses, rest breaks and restricts you to your daily limit.

--------------------------------------------------------------------------------
Update Information:

Unretiring the package.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 8 2025 Łukasz Wojniłowicz [lukasz.wojnilowicz@gmail.com] - 1.11.0~rc.1-1
- Unretirement import (fedora#2351398).
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2322802 - GNOME applet incompatible with GNOME 47
https://bugzilla.redhat.com/show_bug.cgi?id=2322802
[ 2 ] Bug #2328917 - CVE-2023-2142 workrave: Nunjucks autoescape bypass leads to cross site scripting [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2328917
[ 3 ] Bug #2328918 - CVE-2023-2142 workrave: Nunjucks autoescape bypass leads to cross site scripting [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2328918
[ 4 ] Bug #2351398 - Review Request: workrave - Program that assists in the recovery and prevention of RSI
https://bugzilla.redhat.com/show_bug.cgi?id=2351398
[ 5 ] Bug #2358210 - F42FailsToInstall: workrave
https://bugzilla.redhat.com/show_bug.cgi?id=2358210
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d611c8d114' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: mod_auth_openidc-2.4.16.11-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7d661758bd
2025-04-17 19:46:50.126349+00:00
--------------------------------------------------------------------------------

Name : mod_auth_openidc
Product : Fedora 41
Version : 2.4.16.11
Release : 1.fc41
URL : https://github.com/OpenIDC/mod_auth_openidc
Summary : OpenID Connect auth module for Apache HTTP Server
Description :
This module enables an Apache 2.x web server to operate as
an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

--------------------------------------------------------------------------------
Update Information:

Rebase mod_auth_openidc-2.4.16.11 resolves CVE-2025-31492 - mod_auth_openidc
allows OIDCProviderAuthRequestMethod POSTs to leak protected data
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 8 2025 Tomas Halman [thalman@redhat.com] - 2.4.16.11-1
Rebase to version 2.4.16.11
- Resolves: rhbz#2357672 - mod_auth_openidc-2.4.16.11 is available
- Resolves: rhbz#2357849 - CVE-2025-31492 mod_auth_openidc allows
OIDCProviderAuthRequestMethod POSTs to leak protected data
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7d661758bd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: perl-String-Compare-ConstantTime-0.321-19.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e6f5710dba
2025-04-17 19:32:14.984687+00:00
--------------------------------------------------------------------------------

Name : perl-String-Compare-ConstantTime
Product : Fedora 40
Version : 0.321
Release : 19.fc40
URL : https://metacpan.org/release/String-Compare-ConstantTime
Summary : Timing side-channel protected string compare
Description :
This module provides one function, "equals", which works like perl's "eq", but
which does not provide a timing side-channel. Such comparison is useful when
matching against a secret string.

--------------------------------------------------------------------------------
Update Information:

This release fixes CVE-2024-13939 (leaking the length of a secret string)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 1 2025 Petr Pisar [ppisar@redhat.com] - 0.321-19
- Fix CVE-2024-13939 (leaking the length of a secret string) (bug #2355704)
* Tue Aug 6 2024 Miroslav Suchý [msuchy@redhat.com] - 0.321-18
- convert license to SPDX
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2355663 - CVE-2024-13939 String-Compare-ConstantTime: String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string
https://bugzilla.redhat.com/show_bug.cgi?id=2355663
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e6f5710dba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 40 Update: rust-openssl-0.10.72-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-472776e5dc
2025-04-17 19:32:14.984584+00:00
--------------------------------------------------------------------------------

Name : rust-openssl
Product : Fedora 40
Version : 0.10.72
Release : 1.fc40
URL : https://crates.io/crates/openssl
Summary : OpenSSL bindings
Description :
OpenSSL bindings.

--------------------------------------------------------------------------------
Update Information:

Update the openssl crate to version 0.10.72.
Update the openssl-sys crate to version 0.9.107.
This update addresses CVE-2025-3416 / RUSTSEC-2025-0022 (a possible use-after-
free issue in two public functions). A survey of dependent packages in Fedora
shows that none of them use the affected API, or do not use them in a way that
triggers this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 8 2025 Fabio Valentini [decathorpe@gmail.com] - 0.10.72-1
- Update to version 0.10.72; Fixes RHBZ#2357489
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-472776e5dc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-openssl-sys-0.9.107-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-472776e5dc
2025-04-17 19:32:14.984584+00:00
--------------------------------------------------------------------------------

Name : rust-openssl-sys
Product : Fedora 40
Version : 0.9.107
Release : 1.fc40
URL : https://crates.io/crates/openssl-sys
Summary : FFI bindings to OpenSSL
Description :
FFI bindings to OpenSSL.

--------------------------------------------------------------------------------
Update Information:

Update the openssl crate to version 0.10.72.
Update the openssl-sys crate to version 0.9.107.
This update addresses CVE-2025-3416 / RUSTSEC-2025-0022 (a possible use-after-
free issue in two public functions). A survey of dependent packages in Fedora
shows that none of them use the affected API, or do not use them in a way that
triggers this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 8 2025 Fabio Valentini [decathorpe@gmail.com] - 0.9.107-1
- Update to version 0.9.107; Fixes RHBZ#2357490
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-472776e5dc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: mysql8.0-8.0.41-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ebdcfc0f27
2025-04-17 19:32:14.984562+00:00
--------------------------------------------------------------------------------

Name : mysql8.0
Product : Fedora 40
Version : 8.0.41
Release : 1.fc40
URL : http://www.mysql.com
Summary : MySQL client programs and shared libraries
Description :
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MySQL client programs and generic MySQL files.

--------------------------------------------------------------------------------
Update Information:

MySQL 8.0.41
Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-41.html
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 28 2025 Michal Schorm [mschorm@redhat.com] - 8.0.41-1
- Rebase to MySQL 8.0.41
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 8.0.40-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sun Dec 8 2024 Pete Walter [pwalter@fedoraproject.org] - 8.0.40-2
- Rebuild for ICU 76
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2341770 - mysql8.0: Oracle CPU 2025-01 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2341770
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ebdcfc0f27' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: workrave-1.11.0~rc.1-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2d5726abb8
2025-04-17 19:32:14.984556+00:00
--------------------------------------------------------------------------------

Name : workrave
Product : Fedora 40
Version : 1.11.0~rc.1
Release : 1.fc40
URL : https://workrave.org/
Summary : Program that assists in the recovery and prevention of RSI
Description :
Workrave is a program that assists in the recovery and prevention of
Repetitive Strain Injury (RSI). The program frequently alerts you to
take micro-pauses, rest breaks and restricts you to your daily limit.

--------------------------------------------------------------------------------
Update Information:

Unretiring the package.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 8 2025 Łukasz Wojniłowicz [lukasz.wojnilowicz@gmail.com] - 1.11.0~rc.1-1
- Unretirement import (fedora#2351398).
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2322802 - GNOME applet incompatible with GNOME 47
https://bugzilla.redhat.com/show_bug.cgi?id=2322802
[ 2 ] Bug #2328917 - CVE-2023-2142 workrave: Nunjucks autoescape bypass leads to cross site scripting [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2328917
[ 3 ] Bug #2328918 - CVE-2023-2142 workrave: Nunjucks autoescape bypass leads to cross site scripting [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2328918
[ 4 ] Bug #2351398 - Review Request: workrave - Program that assists in the recovery and prevention of RSI
https://bugzilla.redhat.com/show_bug.cgi?id=2351398
[ 5 ] Bug #2358210 - F42FailsToInstall: workrave
https://bugzilla.redhat.com/show_bug.cgi?id=2358210
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2d5726abb8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 40 Update: mod_auth_openidc-2.4.16.11-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-80600b51c5
2025-04-17 19:32:14.984529+00:00
--------------------------------------------------------------------------------

Name : mod_auth_openidc
Product : Fedora 40
Version : 2.4.16.11
Release : 1.fc40
URL : https://github.com/OpenIDC/mod_auth_openidc
Summary : OpenID Connect auth module for Apache HTTP Server
Description :
This module enables an Apache 2.x web server to operate as
an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

--------------------------------------------------------------------------------
Update Information:

Rebase mod_auth_openidc-2.4.16.11 resolves CVE-2025-31492 - mod_auth_openidc
allows OIDCProviderAuthRequestMethod POSTs to leak protected data
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 8 2025 Tomas Halman [thalman@redhat.com] - 2.4.16.11-1
Rebase to version 2.4.16.11
- Resolves: rhbz#2357672 - mod_auth_openidc-2.4.16.11 is available
- Resolves: rhbz#2357848 - CVE-2025-31492 mod_auth_openidc allows
OIDCProviderAuthRequestMethod POSTs to leak protected data
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-80600b51c5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: giflib-5.2.2-6.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-928071dafb
2025-04-17 18:59:47.310591+00:00
--------------------------------------------------------------------------------

Name : giflib
Product : Fedora 42
Version : 5.2.2
Release : 6.fc42
URL : http://www.sourceforge.net/projects/giflib/
Summary : A library and utilities for processing GIFs
Description :
giflib is a library for reading and writing gif images.

--------------------------------------------------------------------------------
Update Information:

Backport proposed fix for CVE-2025-31344 from OpenMandriva.
Install gif_getarg.h header.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 15 2025 Sandro Mani [manisandro@gmail.com] - 5.2.2-6
- Add proposed patch for CVE-2025-31334
* Wed Apr 2 2025 Benson Muite [fed500@fedoraproject.org] - 5.2.2-5
- Rename getarg.h to gif_getarg.h
* Wed Apr 2 2025 Benson Muite [fed500@fedoraproject.org] - 5.2.2-4
- Install getarg.h header file
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2356849 - Install header file getarg.h
https://bugzilla.redhat.com/show_bug.cgi?id=2356849
[ 2 ] Bug #2359431 - CVE-2025-31344 giflib: The giflib open-source component has a buffer overflow vulnerability [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2359431
[ 3 ] Bug #2359442 - CVE-2025-31344 giflib: The giflib open-source component has a buffer overflow vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2359442
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-928071dafb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: perl-PAR-Packer-1.063-6.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-26c0346398
2025-04-17 18:59:47.310510+00:00
--------------------------------------------------------------------------------

Name : perl-PAR-Packer
Product : Fedora 42
Version : 1.063
Release : 6.fc42
URL : https://metacpan.org/release/PAR-Packer
Summary : PAR Packager
Description :
This module implements the App::Packer::Backend interface, for generating
stand-alone executables, perl scripts and PAR files.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2024-56406
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 15 2025 Jitka Plesnikova [jplesnik@redhat.com] - 1.063-6
- Rebuild for Perl 5.40.2
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-26c0346398' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: perl-Devel-Cover-1.44-5.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-26c0346398
2025-04-17 18:59:47.310510+00:00
--------------------------------------------------------------------------------

Name : perl-Devel-Cover
Product : Fedora 42
Version : 1.44
Release : 5.fc42
URL : https://metacpan.org/release/Devel-Cover
Summary : Code coverage metrics for Perl
Description :
This module provides code coverage metrics for Perl. Code coverage metrics
describe how thoroughly tests exercise code. By using Devel::Cover you can
discover areas of code not exercised by your tests and determine which
tests to create to increase coverage. Code coverage can be considered as an
indirect measure of quality.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2024-56406
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 15 2025 Jitka Plesnikova [jplesnik@redhat.com] - 1.44-5
- Rebuild for Perl 5.40.2
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-26c0346398' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: perl-5.40.2-517.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-26c0346398
2025-04-17 18:59:47.310510+00:00
--------------------------------------------------------------------------------

Name : perl
Product : Fedora 42
Version : 5.40.2
Release : 517.fc42
URL : https://www.perl.org/
Summary : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk and shell
scripting. Perl is good at handling processes and files, and is especially
good at handling text. Perl's hallmarks are practicality and efficiency.
While it is used to do a lot of different things, Perl's most common
applications are system administration utilities and web programming.

This is a metapackage with all the Perl bits and core modules that can be
found in the upstream tarball from perl.org.

If you need only a specific feature, you can install a specific package
instead. E.g. to handle Perl scripts with /usr/bin/perl interpreter,
install perl-interpreter package. See perl-interpreter description for more
details on the Perl decomposition into packages.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2024-56406
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 14 2025 Jitka Plesnikova [jplesnik@redhat.com] - 4:5.40.2-517
- Fix MODULE_COMPAT
* Mon Apr 14 2025 Jitka Plesnikova [jplesnik@redhat.com] - 4:5.40.2-516
- 5.40.2 bump (see https://metacpan.org/release/SHAY/perl-5.40.2/view/pod/perldelta.pod)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-26c0346398' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: perl-String-Compare-ConstantTime-0.321-22.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ce51c124a5
2025-04-17 18:59:47.310408+00:00
--------------------------------------------------------------------------------

Name : perl-String-Compare-ConstantTime
Product : Fedora 42
Version : 0.321
Release : 22.fc42
URL : https://metacpan.org/release/String-Compare-ConstantTime
Summary : Timing side-channel protected string compare
Description :
This module provides one function, "equals", which works like perl's "eq", but
which does not provide a timing side-channel. Such comparison is useful when
matching against a secret string.

--------------------------------------------------------------------------------
Update Information:

This release fixes CVE-2024-13939 (leaking the length of a secret string)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 1 2025 Petr Pisar [ppisar@redhat.com] - 0.321-22
- Fix CVE-2024-13939 (leaking the length of a secret string) (bug #2355705)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2355663 - CVE-2024-13939 String-Compare-ConstantTime: String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string
https://bugzilla.redhat.com/show_bug.cgi?id=2355663
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ce51c124a5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: rust-openssl-0.10.72-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c263d3ebd9
2025-04-17 18:59:47.310294+00:00
--------------------------------------------------------------------------------

Name : rust-openssl
Product : Fedora 42
Version : 0.10.72
Release : 1.fc42
URL : https://crates.io/crates/openssl
Summary : OpenSSL bindings
Description :
OpenSSL bindings.

--------------------------------------------------------------------------------
Update Information:

Update the openssl crate to version 0.10.72.
Update the openssl-sys crate to version 0.9.107.
This update addresses CVE-2025-3416 / RUSTSEC-2025-0022 (a possible
use-after-free issue in two public functions). A survey of dependent packages
in Fedora shows that they either do not use the affected API or do not use it
in a way that triggers this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 8 2025 Fabio Valentini [decathorpe@gmail.com] - 0.10.72-1
- Update to version 0.10.72; Fixes RHBZ#2357489
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c263d3ebd9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: rust-openssl-sys-0.9.107-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c263d3ebd9
2025-04-17 18:59:47.310294+00:00
--------------------------------------------------------------------------------

Name : rust-openssl-sys
Product : Fedora 42
Version : 0.9.107
Release : 1.fc42
URL : https://crates.io/crates/openssl-sys
Summary : FFI bindings to OpenSSL
Description :
FFI bindings to OpenSSL.

--------------------------------------------------------------------------------
Update Information:

Update the openssl crate to version 0.10.72.
Update the openssl-sys crate to version 0.9.107.
This update addresses CVE-2025-3416 / RUSTSEC-2025-0022 (a possible
use-after-free issue in two public functions). A survey of dependent packages
in Fedora shows that they either do not use the affected API or do not use it
in a way that triggers this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 8 2025 Fabio Valentini [decathorpe@gmail.com] - 0.9.107-1
- Update to version 0.9.107; Fixes RHBZ#2357490
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c263d3ebd9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: workrave-1.11.0~rc.1-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-85867bd98f
2025-04-17 18:59:47.310248+00:00
--------------------------------------------------------------------------------

Name : workrave
Product : Fedora 42
Version : 1.11.0~rc.1
Release : 1.fc42
URL : https://workrave.org/
Summary : Program that assists in the recovery and prevention of RSI
Description :
Workrave is a program that assists in the recovery and prevention of
Repetitive Strain Injury (RSI). The program frequently alerts you to
take micro-pauses, rest breaks and restricts you to your daily limit.

--------------------------------------------------------------------------------
Update Information:

Unretiring the package.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 8 2025 Łukasz Wojniłowicz [lukasz.wojnilowicz@gmail.com] - 1.11.0~rc.1-1
- Unretirement import (fedora#2351398).
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2322802 - GNOME applet incompatible with GNOME 47
https://bugzilla.redhat.com/show_bug.cgi?id=2322802
[ 2 ] Bug #2328917 - CVE-2023-2142 workrave: Nunjucks autoescape bypass leads to cross site scripting [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2328917
[ 3 ] Bug #2328918 - CVE-2023-2142 workrave: Nunjucks autoescape bypass leads to cross site scripting [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2328918
[ 4 ] Bug #2351398 - Review Request: workrave - Program that assists in the recovery and prevention of RSI
https://bugzilla.redhat.com/show_bug.cgi?id=2351398
[ 5 ] Bug #2358210 - F42FailsToInstall: workrave
https://bugzilla.redhat.com/show_bug.cgi?id=2358210
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-85867bd98f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------