Fedora Security Advisories

• thunderbird-128.9.2-1.fc42

Update to 128.9.2

• https://www.thunderbird.net/en-US/thunderbird/128.9.0esr/releasenotes/
• https://www.thunderbird.net/en-US/thunderbird/128.9.1esr/releasenotes/
• https://www.thunderbird.net/en-US/thunderbird/128.9.2esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-24/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/

• kappanhang-0-0.3.20250427gitdffb773.fc41

Update to git snapshot dffb773

• chromium-135.0.7049.114-1.fc41

Update to 135.0.7049.114

• chromium-135.0.7049.114-1.el9

Update to 135.0.7049.114

• chromium-135.0.7049.114-1.fc42

Update to 135.0.7049.114

• chromium-135.0.7049.114-1.el10_1

Update to 135.0.7049.114

• chromium-135.0.7049.114-1.fc40

Update to 135.0.7049.114

• xz-5.8.1-2.fc42

New upstream version 5.8.1 (with a rebuild to try and fix a gating problem).

New upstream version 5.8.1

• rust-hickory-proto-0.24.4-1.fc40

Update to version 0.24.4.

Also contains fixes for RUSTSEC-2025-0006.

• rust-hickory-proto-0.24.4-1.fc42

Update to version 0.24.4.

Also contains fixes for RUSTSEC-2025-0006.

• rust-hickory-proto-0.24.4-1.el9

Update to version 0.24.4.

Also contains fixes for RUSTSEC-2025-0006.

• rust-hickory-proto-0.24.4-1.fc41

Update to version 0.24.4.

Also contains fixes for RUSTSEC-2025-0006.

• rust-hickory-proto-0.24.4-1.el10_1

Update to version 0.24.4.

Also contains fixes for RUSTSEC-2025-0006.

• ntpd-rs-1.5.0-1.fc41

Update to version 1.5.0 (for now, without PPS feature enabled due to potential correctness issues in the code).

Release notes: https://github.com/pendulum-project/ntpd-rs/releases/tag/v1.5.0

Also contains the fix for GHSA-v83q-83hj-rw38.

• ntpd-rs-1.5.0-1.fc40

Update to version 1.5.0 (for now, without PPS feature enabled due to potential correctness issues in the code).

Release notes: https://github.com/pendulum-project/ntpd-rs/releases/tag/v1.5.0

Also contains the fix for GHSA-v83q-83hj-rw38.

• ntpd-rs-1.5.0-1.fc42

Update to version 1.5.0 (for now, without PPS feature enabled due to potential correctness issues in the code).

Release notes: https://github.com/pendulum-project/ntpd-rs/releases/tag/v1.5.0

Also contains the fix for GHSA-v83q-83hj-rw38.

• nodejs-bash-language-server-5.6.0-1.fc40
• nodejs-pnpm-10.9.0-1.fc40

Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-server to version 5.6.0

• nodejs-bash-language-server-5.6.0-1.fc41
• nodejs-pnpm-10.9.0-1.fc41

Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-server to version 5.6.0

• nodejs-bash-language-server-5.6.0-2.fc42
• nodejs-pnpm-10.9.0-1.fc42

Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-server to version 5.6.0

• valkey-8.0.3-1.fc41

Valkey 8.0.3 - Released Wed 23 Apr 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Bug fixes

• Optimize RDB load performance and fix cluster mode resizing on replica side (#1199)
• Fix memory leak in forgotten node ping ext code path (#1574)
• Fix cluster info sent stats for message with light header (#1563)
• Fix module LatencyAddSample still work when latency-monitor-threshold is 0 (#1541)
• Fix potential crash in radix tree recompression of huge keys (#1722)
• Fix error "SSL routines::bad length" when connTLSWrite is called second time with smaller buffer (#1737)
• Fix temp file leak druing replication error handling (#1721)
• Fix ACL LOAD crash on replica since the primary client don't has a user (#1842)
• Fix RANDOMKEY infinite loop during CLIENT PAUSE (#1850)
• fix: add samples to stream object consumer trees (#1825)
• Fix cluster slot stats assertion during promotion of replica (#1950)
• Fix panic in primary when blocking shutdown after previous block with timeout (#1948)
• Ignore stale gossip packets that arrive out of order (#1777)
• Fix incorrect lag reported in XINFO GROUPS (#1952)
• Avoid shard id update of replica if not matching with primary shard id (#573)

Security fixes

• CVE-2025-21605 Limit output buffer for unauthenticated clients (#1993)