mailing list post: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org/thread/LAOTUMW7QKXGU7OWXUDFAUKXJMSVJKQG/
TL;DR: The version currently in EPEL 9 is affected by a security issue (RHBZ#2264940 - CVE-2024-1580) for which it is 1) unclear which commits all need to be backported, 2) changes don't apply cleanly to the current version, and 3) there have been other "security fixes" in recent releases that just didn't get assigned a CVE number. Updating from 1.2.1 → 1.5.0 would include an soname bump due to an ABI change in 1.3.0, but there were no actual API changes. These six packages would need to be rebuilt:
+1
Metadata Update from @carlwgeorge: - Issue tagged with: meeting
This was brought up at this week's EPEL Steering Committee meeting. It passed unanimously. You may now proceed with the rest of the steps.
Metadata Update from @tdawson: - Issue close_status updated to: Approved - Issue status updated to: Closed (was: Open)