Aggregator

FEDORA-2026-2809f801f3 Packages in this update:

• yarnpkg-1.22.22-16.fc42

Update description:

Regenerate vendor tarball. Fixes CVE-2025-13465.

FEDORA-2026-a75abb3f2b Packages in this update:

• yarnpkg-1.22.22-16.fc43

Update description:

Regenerate vendor tarball. Fixes CVE-2025-13465.

FEDORA-2026-3062e10d87 Packages in this update:

• pgadmin4-9.11-3.fc42

Update description:

Regenerate vendor tarball. Fixes CVE-2025-13465.

FEDORA-2026-4e47f4d911 Packages in this update:

• pgadmin4-9.11-3.fc43

Update description:

Regenerate vendor tarball. Fixes CVE-2025-13465.

FEDORA-2026-8c25940d05 Packages in this update:

• phpunit12-12.5.8-1.fc42

Update description: Version 12.5.8 - 2026-01-27 Changed

• To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Version 12.5.7 - 2026-01-24 Fixed

• #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
• #6470: Infinite recursion in Count::getCountOf() for unusal implementations of Iterator or IteratorAggregate

Version 12.5.6 - 2026-01-16 Changed

• Reverted a change that caused a build failure for the PHP project's nightly community job

Version 12.5.5 - 2026-01-15 Deprecated

• #6461: any() matcher (soft deprecation)

Fixed

• #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

FEDORA-2026-470a48f838 Packages in this update:

• phpunit12-12.5.8-1.fc43

Update description: Version 12.5.8 - 2026-01-27 Changed

• To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Version 12.5.7 - 2026-01-24 Fixed

• #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
• #6470: Infinite recursion in Count::getCountOf() for unusal implementations of Iterator or IteratorAggregate

Version 12.5.6 - 2026-01-16 Changed

• Reverted a change that caused a build failure for the PHP project's nightly community job

Version 12.5.5 - 2026-01-15 Deprecated

• #6461: any() matcher (soft deprecation)

Fixed

• #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

FEDORA-2026-8ccfe50c58 Packages in this update:

• phpunit11-11.5.50-1.fc43

Update description: Version 11.5.50 - 2026-01-27 Changed

• To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Version 11.5.49 - 2026-01-24 Fixed

• #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
• #6470: Infinite recursion in Count::getCountOf() for unusal implementations of Iterator or IteratorAggregate

Version 11.5.48 - 2026-01-16 Changed

• Reverted a change that caused a build failure for the PHP project's nightly community job

Version 11.5.47 - 2026-01-15 Fixed

• #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

FEDORA-2026-c3b42a28dd Packages in this update:

• phpunit11-11.5.50-1.fc42

Update description: Version 11.5.50 - 2026-01-27 Changed

• To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Version 11.5.49 - 2026-01-24 Fixed

• #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
• #6470: Infinite recursion in Count::getCountOf() for unusal implementations of Iterator or IteratorAggregate

Version 11.5.48 - 2026-01-16 Changed

• Reverted a change that caused a build failure for the PHP project's nightly community job

Version 11.5.47 - 2026-01-15 Fixed

• #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

FEDORA-EPEL-2026-cf486df588 Packages in this update:

• opencc-1.0.5-4.el8

Update description:

Fix CVE-2025-15536

FEDORA-2026-abd2d2d60c Packages in this update:

• openqa-5^20260126git19189f0-1.fc43
• os-autoinst-5^20260123git72cabd0-1.fc43

Update description:

This update provides new upstream snapshots of openQA and os-autoinst, with various fixes and enhancements. Please see upstream changelogs for details. They also address a CVE by updating a bundled javascript library, though we're fairly sure openQA didn't actually expose the vulnerability anyway.

FEDORA-2026-d3c5092654 Packages in this update:

• python-jupytext-1.19.1-1.fc42

Update description:

See https://github.com/mwouts/jupytext/blob/main/CHANGELOG.md for changes in versions 1.19.0 and 1.19.1. This update contains a fix for CVE-2025-13465.

FEDORA-2026-9111b2e330 Packages in this update:

• python-jupytext-1.19.1-1.fc43

Update description:

See https://github.com/mwouts/jupytext/blob/main/CHANGELOG.md for changes in versions 1.19.0 and 1.19.1. This update contains a fix for CVE-2025-13465.

Version:next-20260126 (linux-next) Released:2026-01-26

FEDORA-EPEL-2026-0e3aa1d4ee Packages in this update:

• rust-sequoia-keystore-server-0.2.0-5.el9
• rust-sequoia-sq-1.3.1-9.el9

Update description:

Rebuild with sequoia-openpgp v2.1.0 to apply fixes for RUSTSEC-2025-0136 / CVE-2025-67897.

FEDORA-2026-9317b8ea7b Packages in this update:

• rust-sequoia-keystore-server-0.2.0-5.fc43
• rust-sequoia-octopus-librnp-1.11.1-4.fc43
• rust-sequoia-sq-1.3.1-9.fc43
• rust-sequoia-sqv-1.3.0-5.fc43

Update description:

Rebuild with sequoia-openpgp v2.1.0 to apply fixes for RUSTSEC-2025-0136 / CVE-2025-67897.

FEDORA-2026-304a740a0b Packages in this update:

• rust-sequoia-keystore-server-0.2.0-5.fc42
• rust-sequoia-octopus-librnp-1.11.1-4.fc42
• rust-sequoia-sq-1.3.1-9.fc42
• rust-sequoia-sqv-1.3.0-5.fc42

Update description:

Rebuild with sequoia-openpgp v2.1.0 to apply fixes for RUSTSEC-2025-0136 / CVE-2025-67897.

FEDORA-2026-5e8ffdd3b9 Packages in this update:

• retroarch-1.22.0-20.fc44

Update description:

Automatic update for retroarch-1.22.0-20.fc44.

Changelog * Mon Jan 26 2026 Artem Polishchuk <ego.cordatus@gmail.com> - 1.22.0-20 - Disable 7zip support due CVE - rhbz#2432835

It was discovered that GNU Screen incorrectly handled signals when setuid or setgid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to send privileged signals, possibly leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-24626) It was discovered that GNU Screen incorrectly handled PTY permissions. A local attacker could possibly use this issue to connect to an unauthorized screen session. (CVE-2025-46802) It was discovered that GNU Screen incorrectly handled file access when setuid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to deduce information about certain file paths. (CVE-2025-46804) It was discovered that GNU Screen incorrectly handled signals when setuid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to send privileged signals, possibly leading to a denial of service. (CVE-2025-46805)