Repo Status -
Overall Status
Page updated: 2026-04-14 21:57
| 2303880 | ASSIGNED | EPEL 10 Tracker |
| 2304324 | POST | [RFE:EPEL10] EPEL10 branch of tigervnc |
| 2307589 | NEW | Please branch and build etcd in epel10 |
| 2308951 | NEW | [RFE:EPEL10] Please branch and build ansible for EPEL10 |
| 2310911 | ASSIGNED | [RFE:EPEL10] EPEL10 branch of openh264 |
| 2315560 | ASSIGNED | Please branch and build uboot-tools in epel10 |
| 2321352 | MODIFIED | inxi: fails to install from epel10 |
| 2324741 | NEW | Please branch and build ant-contrib in epel10 |
| 2325258 | NEW | Please branch and build google-gson in epel10 |
| 2325646 | ASSIGNED | Please branch and build golang-x-tools in epel10 |
| 2327000 | NEW | Please branch and build matio for EPEL-10 |
| 2328757 | NEW | [RFE:EPEL10] EPEL10 branch of checksec |
| 2332365 | NEW | golang-x-crypto: please provide epel10 package |
| 2332366 | NEW | golang-x-text: please provide epel10 package |
| 2332983 | NEW | Please branch and build android-tools in epel10 |
| 2333364 | ASSIGNED | Please branch and build mkosi in epel10 |
| 2333747 | NEW | Please branch and build evince in epel 10 |
| 2334275 | NEW | Please branch and build rust-dua-cli in epel10 |
| 2334937 | NEW | Please branch and build cdrdao for EPEL 10 |
| 2335292 | ASSIGNED | Please branch and build quilt in epel10 |
| 2344526 | NEW | [RFE:EPEL10] Please branch and build libyuv for EPEL10 |
| 2344925 | NEW | Please branch and build dump in epel10 |
| 2345748 | ON_QA | Please branch and build collectd in epel10 |
| 2347089 | NEW | CVE-2025-27091 openh264: decoding functions heap overflow [epel-all] |
| 2348444 | NEW | Please branch and build python-blessed in epel10 |
| 2349099 | NEW | Please branch and build tailscale in epel10. |
| 2351709 | NEW | golang-x-net-devel missing for epel10 |
| 2354814 | NEW | Please branch and build makeself in epel10 |
| 2356975 | NEW | Please build python-ciso8601 for EPEL9 and 10 |
| 2362303 | NEW | Please branch and build gcc-gnat in epel10 |
| 2362304 | NEW | Please branch and build gprbuild in epel10 |
| 2362305 | NEW | Please branch and build xmlada in epel10 |
| 2363141 | NEW | Is missing - please bring it back |
| 2363354 | NEW | Please branch and build dateutils in epel10 |
| 2365644 | NEW | Please branch and build libmcrypt in epel10 |
| 2365930 | NEW | Please branch and build perl-Encode-IMAPUTF7 in epel10 |
| 2366792 | NEW | Please branch and build xfce4 in epel10 |
| 2368454 | NEW | Please branch and build imapsync for EPEL 10 |
| 2368495 | NEW | Please branch and build cpuid in epel10 |
| 2368651 | NEW | pdns-recursor missing from EPEL 10 |
| 2368920 | NEW | Please branch and build et in epel10 |
| 2368938 | NEW | please branch and build puppet in epel10 |
| 2368992 | NEW | missing glances package |
| 2369077 | NEW | Please branch and build kBuild in epel10 |
| 2369325 | NEW | Please branch and build python-sdnotify in epel10 |
| 2369414 | NEW | Please branch and build python-oci in epel10 |
| 2369415 | NEW | Please branch and build oci-cli in epel10 |
| 2369416 | NEW | Please branch and build python-circuitbreaker in epel10 |
| 2369543 | NEW | Please branch and build tlp in epel10 |
| 2369802 | ASSIGNED | Request to add mod_qos to EPEL 10 |
| 2370027 | NEW | Please branch and build the_silver_searcher for epel10. |
| 2370161 | ASSIGNED | Please branch and build tinyfugue in epel10 |
| 2370244 | NEW | Please branch and build poco-devel in epel10 |
| 2370417 | NEW | Please branch and build timeshift in epel10 |
| 2370418 | NEW | Please branch and build blender in epel10 |
| 2370448 | NEW | Please branch and build rr-5.9 in epel10 |
| 2370892 | NEW | Please branch and build amazon-ec2-utils for EPEL10 |
| 2370893 | NEW | Please branch and build ec2-instance-connect for EPEL10 |
| 2370918 | NEW | Please branch and build lbzip2 in epel10 |
| 2370921 | NEW | Please branch and build unar in epel10 |
| 2371052 | NEW | Please branch and build pngquant in epel10 |
| 2371618 | ON_QA | Please branch and build ansible-collection-community-crypto for EPEL10 |
| 2372335 | ASSIGNED | No symlink for libslurmfull leads to problem when building PySlurm |
| 2372453 | NEW | Please branch and build nextcloud-client in epel10{,.0} |
| 2373101 | NEW | Please branch and build audacity in epel10 |
| 2373102 | NEW | Please branch and build rclone-browser in epel10 |
| 2373116 | ASSIGNED | Please branch and build mbuffer in epel10 |
| 2373698 | NEW | Please branch and build obs-studio in epel10 |
| 2373955 | NEW | python3-hypershell+postgres: fails to install from epel10 |
| 2373957 | POST | x2goclient: fails to install from EPEL 10.0/10.1 |
| 2374218 | NEW | Please branch and build gparted in epel10 |
| 2374258 | NEW | Please build pyproj for EPEL10 |
| 2374261 | NEW | Please build python-jdcal for EPEL10 |
| 2374262 | NEW | Please build python-sqlparse for EPEL10 |
| 2374293 | ASSIGNED | MATE Desktop Environment RHEL 10 |
| 2374373 | NEW | Please branch and build qgis in epel10 |
| 2374754 | NEW | Please branch and build wine in epel10 and epel10.0 |
| 2375114 | ASSIGNED | Please make OpenImageIO available on EPEL10 |
| 2375407 | NEW | Please build EPEL10 postgrey packages |
| 2376551 | NEW | Request to package file-roller package for EPEL10 |
| 2376913 | NEW | please build python-scramp for EPEL10 |
| 2378151 | NEW | Please branch and build lscoltui in epel10 |
| 2379303 | NEW | Please branch and build python-paho-mqtt in epel10 |
| 2380257 | NEW | [RFE:EPEL10] Please branch and build autossh in EPEL10 |
| 2380827 | NEW | Please branch and build netplan in epel10 |
| 2382234 | NEW | Please release it for EPEL-10 |
| 2383640 | NEW | Please branch and build nemo in epel10 |
| 2383641 | NEW | Please branch and build ibus-mozc in epel10 |
| 2383642 | NEW | Please branch and build grub-customizer in epel10 |
| 2383809 | NEW | Please branch and build ec2-hibinit-agent in epel10 |
| 2383925 | NEW | Please branch and build openvpn-auth-ldap in epel10 |
| 2383951 | NEW | request for fcitx5 package for EPEL |
| 2384092 | NEW | Please branch and build miller in epel10 |
| 2384187 | ASSIGNED | Please branch and build geany-plugins in epel10 |
| 2384310 | ASSIGNED | Please branch and build inxi in epel10 |
| 2384568 | NEW | Add qt5-qtwebengine and qt5-qtwebengine-devel to EPEL 10 |
| 2384785 | NEW | Add qt5-qtwebengine and qt5-qtwebengine-devel to EPEL 10 |
| 2385259 | NEW | slurm on RHEL10 |
| 2385402 | NEW | please build x509watch for EPEL10 |
| 2386364 | NEW | Please branch and build gammu in epel10 |
| 2386540 | NEW | Please branch and build amanda in epel10 |
| 2387055 | NEW | Please branch and build bwm-ng in epel10 and epel10.0 |
| 2387487 | ASSIGNED | Please branch and build nginx-mod-modsecurity in epel10 |
| 2387792 | NEW | Please branch and build python-docker in epel10 / epel10.0 |
| 2388017 | NEW | Please branch and build fastd in epel10 and epel10.0 |
| 2388756 | NEW | Please branch and build bleachbit in epel10 |
| 2389018 | NEW | Please branch and build gparted in epel10 |
| 2389026 | NEW | smem package missing on EPEL10 |
| 2390252 | NEW | Please branch and build python-pylibmc in epel10 |
| 2390780 | NEW | Please branch and build pdsh in epel10 |
| 2390899 | NEW | Please branch and build sendemail in epel10 |
| 2390998 | NEW | Please branch and build bear in epel10 and epel10.0 |
| 2391603 | NEW | CVE-2025-58058 image-builder: github.com/ulikunitz/xz leaks memory [epel-10] |
| 2391956 | NEW | Please branch and build iptables-legacy and iptables-legacy-devel in epel10 |
| 2392627 | NEW | CVE-2025-49794 qt5-qtwebengine: Heap use after free (UAF) leads to Denial of service (DoS) [epel-all] |
| 2392638 | NEW | CVE-2025-49796 qt5-qtwebengine: Type confusion leads to Denial of service (DoS) [epel-all] |
| 2392988 | NEW | Please branch and build epson-inkjet-printer-escpr in epel10 |
| 2393065 | NEW | Please build vokoscreenNG for EPEL 10 and 10.1 |
| 2393895 | NEW | Please branch and build tcllib for epel10 |
| 2394112 | NEW | CVE-2025-9951 qt5-qtwebengine: heap-based buffer overflow in jpeg2000dec [epel-all] |
| 2394497 | NEW | CVE-2025-10256 qt5-qtwebengine: NULL pointer dereference in Firequalizer filter (libavfilter/af_firequalizer.c) [epel-all] |
| 2394918 | POST | dnf5 does not set releasever_minor variable from system-release(releasever_minor) RPM provide |
| 2395126 | NEW | request adding checksec to epel 10 |
| 2395148 | NEW | CVE-2025-10201 qt5-qtwebengine: Inappropriate implementation in Mojo [epel-all] |
| 2395448 | ON_QA | CVE-2025-47779 asterisk: Using malformed From header can forge identity with ";" or NULL in name portion [epel-all] |
| 2397451 | NEW | [RFE:EPEL10] Please branch and build beep for EPEL10 |
| 2397452 | ASSIGNED | asciinema: add to EPEL 10 |
| 2398122 | NEW | CVE-2025-10911 mingw-libxslt: use-after-free with key data stored cross-RVT [epel-all] |
| 2398123 | NEW | CVE-2025-10911 qt5-qtwebengine: use-after-free with key data stored cross-RVT [epel-all] |
| 2398299 | NEW | CVE-2025-47910 image-builder: CrossOriginProtection bypass in net/http [epel-10] |
| 2398935 | NEW | CVE-2025-47906 image-builder: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2401145 | NEW | CVE-2025-51495 smplayer: From CVEorg collector [epel-all] |
| 2401885 | NEW | Please branch and build libb64 for EPEL 10 |
| 2401887 | NEW | Please branch and build transmission for EPEL 10 |
| 2402059 | NEW | CVE-2025-10502 qt5-qtwebengine: Heap buffer overflow in ANGLE [epel-all] |
| 2402066 | NEW | CVE-2025-10500 qt5-qtwebengine: Use after free in Dawn [epel-all] |
| 2402103 | NEW | CVE-2025-10200 qt5-qtwebengine: Use after free in Serviceworker. [epel-all] |
| 2402115 | NEW | CVE-2025-10890 qt5-qtwebengine: Side-channel information leakage in V8 [epel-all] |
| 2402124 | NEW | CVE-2025-10891 qt5-qtwebengine: Integer overflow in V8 [epel-all] |
| 2402131 | NEW | CVE-2025-10892 qt5-qtwebengine: Integer overflow in V8 [epel-all] |
| 2403256 | NEW | Please branch and build qr-code-generator in epel10 / epel10.1 |
| 2407403 | ASSIGNED | Please branch and build duplicity in epel10 |
| 2407422 | NEW | Please branch and build quilt in EPEL 10 |
| 2407484 | NEW | CVE-2025-58189 image-builder: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2408527 | NEW | CVE-2025-61725 image-builder: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408936 | NEW | CVE-2025-61723 image-builder: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2409877 | NEW | CVE-2025-58185 image-builder: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2410818 | NEW | CVE-2025-58188 image-builder: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2411694 | NEW | RFE: Build nginx-mod-http-geoip2 for EPEL10 (AlmaLinux 10) |
| 2412458 | NEW | Please branch and build cpuid in epel10 |
| 2412483 | NEW | CVE-2025-58183 golang-x-tools: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412485 | NEW | CVE-2025-58183 image-builder: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412494 | NEW | CVE-2025-58183 reg: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2413754 | NEW | Please branch and build gridsite for EPEL 10 |
| 2415385 | NEW | pngquant missing from EPEL10 |
| 2416112 | NEW | CVE-2025-59681 python-django3: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB1 [epel-all] |
| 2416562 | NEW | please branch and build keychain for epel10 |
| 2417647 | NEW | Please branch and build gparted in EPEL 10 |
| 2417686 | NEW | Please branch and build python-django-rest-framework in EPEL10 |
| 2417687 | NEW | Please branch and build python-pytest-aiohttp in EPEL10 and EPEL10.1 |
| 2417716 | NEW | 32 bit OS does not boot using libvirt |
| 2418064 | NEW | Please consider branching and building python-mutagen in epel10.1 |
| 2419727 | ASSIGNED | Please branch and build vtk in epel10. |
| 2420428 | NEW | Please branch and build qbittorrent in epel10 |
| 2420460 | NEW | Fortune-mod not available in EPEL10 |
| 2421876 | NEW | CVE-2025-66506 image-builder: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token [epel-10] |
| 2423063 | NEW | CVE-2025-59029 pdns: PowerDNS: Assertion failure due to crafted DNS records [epel-10] |
| 2423626 | NEW | CVE-2025-9900 mingw-libtiff: Libtiff Write-What-Where [epel-all] |
| 2423635 | NEW | CVE-2025-59682 python-django3: Potential partial directory-traversal via archive.extract() [epel-all] |
| 2424266 | NEW | Please provide fatresize for EPEL-10 |
| 2427059 | NEW | fuse-encfs missing in EPEL 10 |
| 2427234 | NEW | Please branch and build python-tmuxp in epl10 |
| 2427492 | NEW | Please branch and build python-openapi-core in EPEL 10 and EPEL 10.1 |
| 2427561 | NEW | Please branch and build in epel10 |
| 2428150 | NEW | gnome-shell-extension-argos: update for compatibility with GNOME 49 |
| 2428167 | NEW | kubernetes1.34: fails to install from EPEL 10.2 |
| 2428669 | NEW | For RHEL10, don't see the facter package in the EPEL repo |
| 2428832 | NEW | Please branch and build gamemode in epel10 |
| 2429519 | ASSIGNED | recoll-gssp: fails to install from EPEL 10.2 |
| 2430407 | NEW | Please branch and build glances for EPEL 10 |
| 2432745 | NEW | Please branch and build jhead in epel10 |
| 2433733 | NEW | Please branch and build stompclt for EPEL 10 |
| 2433755 | NEW | Please build kf5-kcoreaddons for EPEL 10 (and 10.1) |
| 2433762 | NEW | Please build kf5-kwidgetsaddons for EPEL-10 (and 10.1) |
| 2435442 | NEW | Question: Can fcitx5 branch and build to EPEL? |
| 2435456 | ASSIGNED | [EPEL10 Request] Please build and branch Lutris for EPEL 10 |
| 2437321 | NEW | Please release it for EPEL-10 |
| 2440011 | ASSIGNED | Please branch and build atuin in epel10 |
| 2440344 | NEW | CVE-2026-2447 qt5-qtwebengine: Heap buffer overflow in libvpx [epel-all] |
| 2440556 | NEW | CVE-2026-2642 the_silver_searcher: the_silver_searcher: Denial of Service via null pointer dereference in search_stream [epel-all] |
| 2440986 | NEW | CVE-2026-2704 openbabel: heap-based buffer over-read when parsing a malformed MMCIF/CIF file [epel-all] |
| 2441019 | NEW | CVE-2026-2705 openbabel: NULL pointer dereference when parsing a malformed MOL2 file [epel-all] |
| 2441151 | NEW | CVE-2025-69725 jfrog-cli: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [epel-all] |
| 2441205 | NEW | CVE-2026-26203 pjproject: PJSIP: Denial of Service via malformed H.264 bitstream processing [epel-all] |
| 2441255 | NEW | CVE-2026-26967 pjproject: PJSIP: Arbitrary code execution via H.264 unpacketizer heap-based buffer overflow [epel-all] |
| 2441330 | NEW | CVE-2026-21620 erlang: Erlang OTP tftp_file modules: Information disclosure via relative path traversal [epel-all] |
| 2441338 | NEW | CVE-2026-26960 mozjs78: node-tar: Arbitrary file read/write via malicious archive hardlink creation [epel-all] |
| 2441873 | NEW | CVE-2026-2968 smplayer: Cesanta Mongoose: Improper cryptographic signature verification in Poly1305 Authentication Tag Handler [epel-all] |
| 2441880 | NEW | CVE-2026-2967 smplayer: Mongoose: Remote Denial of Service in TCP Sequence Number Handler [epel-all] |
| 2441887 | NEW | CVE-2026-2966 smplayer: Mongoose: Information disclosure due to insufficiently random values in DNS transaction ID handling [epel-all] |
| 2441971 | NEW | Please branch and build borgmatic in epel10 |
| 2442042 | NEW | CVE-2025-61144 mingw-libtiff: libtiff: Denial of Service via buffer overflow [epel-all] |
| 2442047 | NEW | CVE-2025-61143 mingw-libtiff: libtiff: Denial of Service via NULL pointer dereference in tif_open.c [epel-all] |
| 2442050 | NEW | CVE-2025-61145 mingw-libtiff: libtiff: Denial of service via double free in tiffcrop.c [epel-all] |
| 2443071 | NEW | CVE-2026-27970 mozjs78: Angular: Cross-site scripting via compromised translation files [epel-all] |
| 2443700 | NEW | Please branch and build rtorrent+libtorrent in EPEL10 |
| 2443741 | NEW | Please branch and build python3-untangle in epel10 |
| 2443879 | NEW | CVE-2026-3408 openbabel: NULL pointer dereference when parsing a malformed CDXML file [epel-all] |
| 2444079 | NEW | Please branch and build perl-DBIx-ContextualFetch for EPEL-10 |
| 2444080 | NEW | Please branch and build perl-Ima-DBI for EPEL-10 |
| 2444081 | NEW | Please branch and build perl-Class-DBI for EPEL-10 |
| 2444258 | NEW | CVE-2025-15599 ansible-collection-awx-awx: DOMPurify: Cross-site scripting [epel-all] |
| 2444293 | NEW | Please branch and build buildbot in epel10 / epel10.1 |
| 2444343 | NEW | Please add python-behave to EPEL 10 |
| 2444374 | NEW | Add python-parse_type to EPEL 10 |
| 2444767 | NEW | CVE-2026-27982 python-django-allauth: django-allauth: Open redirect via crafted URL in SAML IdP initiated SSO [epel-all] |
| 2445122 | NEW | CVE-2026-28799 pjproject: PJSIP: Denial of Service via heap use-after-free in event subscription [epel-all] |
| 2445123 | NEW | CVE-2026-29068 pjproject: PJSIP: Denial of Service via malformed RTP payload processing [epel-all] |
| 2445156 | NEW | CVE-2026-23925 zabbix: Zabbix: Confidentiality loss via improper access control in configuration.import API [epel-all] |
| 2445365 | NEW | CVE-2026-29074 mozjs78: SVGO: Denial of Service via XML entity expansion [epel-all] |
| 2445367 | NEW | CVE-2026-29074 qt5-qtwebengine: SVGO: Denial of Service via XML entity expansion [epel-all] |
| 2445667 | NEW | CVE-2026-3713 libpng12: libpng: Heap-based buffer overflow in pnm2png allows information disclosure and denial of service [epel-all] |
| 2445668 | NEW | CVE-2026-3713 mingw-libpng: libpng: Heap-based buffer overflow in pnm2png allows information disclosure and denial of service [epel-all] |
| 2446063 | NEW | CVE-2026-30928 glances: unauthenticated configuration secrets exposure [epel-all] |
| 2446065 | NEW | CVE-2026-30930 glances: SQL injection via process names in TimescaleDB export [epel-all] |
| 2446348 | NEW | CVE-2026-31808 perl-File-Type: file-type: Denial of Service due to infinite loop in ASF file parsing [epel-all] |
| 2446539 | NEW | Please branch and build ranger in epel10/epel10.1 |
| 2446746 | NEW | Please get a build of qbittorrent back into EPEL 10 |
| 2446769 | NEW | CVE-2026-31958 python-flit: Tornado: Denial of Service via large multipart bodies [epel-all] |
| 2446779 | NEW | CVE-2026-31958 python-pep517: Tornado: Denial of Service via large multipart bodies [epel-all] |
| 2447026 | NEW | Please branch and build tini in epel10 |
| 2447207 | NEW | CVE-2026-32141 ansible: flatted: Unbounded recursion DoS in parse() revive phase [epel-all] |
| 2447209 | NEW | CVE-2026-32141 magicmirror: flatted: Unbounded recursion DoS in parse() revive phase [epel-all] |
| 2447220 | NEW | Please branch and build python-treq in epel10 / epel10.1 |
| 2447303 | NEW | Please branch and build suil for EPEL 10 |
| 2447306 | NEW | CVE-2026-32239 capnproto: Cap'n Proto has an integer overflow in KJ-HTTP [epel-all] |
| 2447395 | NEW | CVE-2026-2673 openssl3: OpenSSL TLS 1.3 server may choose unexpected key agreement group [epel-all] |
| 2447398 | NEW | CVE-2026-2673 openssl3: OpenSSL TLS 1.3 server may choose unexpected key agreement group [epel-all] |
| 2447587 | ON_QA | Please branch and build python-neutronclient for EPEL10 |
| 2447591 | ON_QA | Please branch and build python-novaclient for EPEL10 |
| 2448089 | NEW | CVE-2026-32635 mozjs78: Angular has XSS in i18n attribute bindings [epel-all] |
| 2448129 | NEW | CVE-2025-71264 mumble: Mumble out of bound array access [epel-all] |
| 2448309 | NEW | CVE-2026-3312 pagure: Pagure: Information disclosure via unrestricted reStructuredText include directive [epel-all] |
| 2448633 | NEW | CVE-2026-32609 glances: Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials [epel-all] |
| 2448635 | NEW | CVE-2026-32609 python-glances-api: Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials [epel-all] |
| 2448667 | NEW | CVE-2026-32596 glances: unauthenticated API exposure [epel-all] |
| 2448670 | NEW | CVE-2026-32608 glances: command injection via process names in action command templates [epel-all] |
| 2448717 | NEW | CVE-2026-32610 glances: default CORS configuration allows Cross-Origin credential theft [epel-all] |
| 2448760 | NEW | CVE-2026-32611 glances: SQL injection in DuckDB export via unparameterized DDL statements [epel-all] |
| 2448762 | NEW | CVE-2026-32632 glances: REST/WebUI lacks host validation and remains exposed to DNS rebinding [epel-all] |
| 2448766 | NEW | CVE-2026-32634 glances: Central Browser autodiscovery leaks reusable credentials to Zeroconf-spoofed servers [epel-all] |
| 2448768 | NEW | CVE-2026-32633 glances: browser API exposes reusable downstream credentials via '/api/4/serverslist' [epel-all] |
| 2448796 | NEW | CVE-2026-28500 onnx: ONNX: Untrusted Model Repository Warnings Suppressed [epel-all] |
| 2448995 | NEW | CVE-2026-4407 xpdf: Out-of-bounds array write in Xpdf 4.06 due to missing validation [epel-all] |
| 2449705 | NEW | CVE-2026-33069 pjproject: PJSIP: Information disclosure vulnerability in SIP message processing [epel-all] |
| 2450253 | NEW | CVE-2026-32305 netdata: Traefik: mTLS bypass allows unauthorized service access via fragmented ClientHello. [epel-all] |
| 2450265 | NEW | CVE-2026-33151 magicmirror: Socket.IO: Denial of Service due to excessive buffering of specially crafted packets [epel-all] |
| 2450324 | NEW | CVE-2019-25544 pidgin: Pidgin: Denial of Service via excessively long username [epel-all] |
| 2450661 | NEW | CVE-2026-32942 pjproject: PJSIP: Arbitrary code execution or information disclosure via race condition in ICE session handling [epel-all] |
| 2450663 | NEW | CVE-2026-32945 pjproject: PJSIP: Heap-based buffer overflow in DNS parser may lead to arbitrary code execution or denial of service. [epel-all] |
| 2450769 | NEW | CVE-2026-4775 mingw-libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing [epel-all] |
| 2450796 | NEW | CVE-2026-29063 mozjs78: Immutable.js: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable [epel-all] |
| 2450930 | NEW | CVE-2026-23921 zabbix: Zabbix: Arbitrary database data exfiltration and administrator account compromise via blind SQL injection in API [epel-all] |
| 2450931 | NEW | CVE-2026-23921 zabbix6.0: Zabbix: Arbitrary database data exfiltration and administrator account compromise via blind SQL injection in API [epel-all] |
| 2450932 | NEW | CVE-2026-23919 zabbix: Zabbix Server and Proxy: Information disclosure via reused JavaScript contexts [epel-all] |
| 2450934 | NEW | CVE-2026-23919 zabbix6.0: Zabbix Server and Proxy: Information disclosure via reused JavaScript contexts [epel-all] |
| 2450936 | NEW | CVE-2026-23920 zabbix: Zabbix: Arbitrary code execution via newline injection in script input validation [epel-all] |
| 2450938 | NEW | CVE-2026-23920 zabbix6.0: Zabbix: Arbitrary code execution via newline injection in script input validation [epel-all] |
| 2450939 | NEW | CVE-2026-23923 zabbix: Zabbix: Limited availability impact via arbitrary PHP class instantiation [epel-all] |
| 2450940 | NEW | CVE-2026-23924 zabbix: Zabbix Agent 2 Docker plugin: Information disclosure via improper parameter sanitization [epel-all] |
| 2450942 | NEW | CVE-2026-23924 zabbix6.0: Zabbix Agent 2 Docker plugin: Information disclosure via improper parameter sanitization [epel-all] |
| 2450944 | NEW | CVE-2026-23923 zabbix6.0: Zabbix: Limited availability impact via arbitrary PHP class instantiation [epel-all] |
| 2450987 | NEW | Please branch and build libdxfrw in epel10 |
| 2450988 | NEW | Please branch and build qt5-qtwebkit in epel10 |
| 2451326 | NEW | CVE-2026-33228 ansible: Flatted: Prototype pollution vulnerability allows arbitrary code execution via crafted JSON. [epel-all] |
| 2451328 | NEW | CVE-2026-33228 magicmirror: Flatted: Prototype pollution vulnerability allows arbitrary code execution via crafted JSON. [epel-all] |
| 2451374 | ON_QA | Please branch and build nbd in epel10.1 |
| 2451656 | NEW | CVE-2026-31958 python-pytest-tornado: Tornado: Denial of Service via large multipart bodies [epel-all] |
| 2451657 | NEW | CVE-2026-31958 python-tornado: Tornado: Denial of Service via large multipart bodies [epel-all] |
| 2452110 | NEW | CVE-2026-33636 mingw-libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion [epel-all] |
| 2452137 | NEW | CVE-2026-33416 libpng12: libpng: Arbitrary code execution due to use-after-free vulnerability [epel-all] |
| 2452138 | NEW | CVE-2026-33416 mingw-libpng: libpng: Arbitrary code execution due to use-after-free vulnerability [epel-all] |
| 2452365 | NEW | CVE-2026-32285 jfrog-cli: github.com/buger/jsonparser: Denial of Service via malformed JSON input [epel-all] |
| 2452382 | NEW | CVE-2026-32286 netdata: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server [epel-all] |
| 2452782 | NEW | Please branch and build reuse in epel10 |
| 2453045 | NEW | CVE-2026-4923 magicmirror: path-to-regexp: Denial of Service via specially crafted paths with multiple wildcards [epel-all] |
| 2453046 | NEW | CVE-2026-4923 mozjs78: path-to-regexp: Denial of Service via specially crafted paths with multiple wildcards [epel-all] |
| 2453972 | NEW | CVE-2026-4800 ansible: lodash: Arbitrary code execution via untrusted input in template imports [epel-all] |
| 2453974 | NEW | CVE-2026-4800 cockatrice: lodash: Arbitrary code execution via untrusted input in template imports [epel-all] |
| 2453976 | NEW | CVE-2026-4800 fkill-cli: lodash: Arbitrary code execution via untrusted input in template imports [epel-all] |
| 2453978 | NEW | CVE-2026-4800 glances: lodash: Arbitrary code execution via untrusted input in template imports [epel-all] |
| 2453982 | NEW | CVE-2026-4800 magicmirror: lodash: Arbitrary code execution via untrusted input in template imports [epel-all] |
| 2453983 | NEW | CVE-2026-4800 mozjs78: lodash: Arbitrary code execution via untrusted input in template imports [epel-all] |
| 2453992 | NEW | CVE-2026-4800 qt6-qtbase: lodash: Arbitrary code execution via untrusted input in template imports [epel-all] |
| 2454173 | NEW | CVE-2026-27489 onnx: ONNX: Information Disclosure via Path Traversal Vulnerability [epel-all] |
| 2454329 | NEW | CVE-2026-5244 smplayer: heap-based buffer overflow in the TLS 1.3 implementation [epel-all] |
| 2454333 | NEW | CVE-2026-5245 smplayer: stack-based buffer overflow in mDNS [epel-all] |
| 2454337 | NEW | CVE-2026-5246 smplayer: certificate verification bypass in mTLS [epel-all] |
| 2454462 | NEW | CVE-2026-5342 LibRaw-epel: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation [epel-all] |
| 2454524 | NEW | CVE-2026-34165 jfrog-cli: go-git: Denial of Service via crafted .idx file [epel-all] |
| 2454525 | NEW | CVE-2026-33762 jfrog-cli: go-git: Denial of Service via crafted Git index file [epel-all] |
| 2454675 | NEW | CVE-2026-34446 onnx: ONNX: Information disclosure through hardlink path traversal [epel-all] |
| 2454892 | NEW | CVE-2026-34445 onnx: ONNX: Denial of Service and potential information disclosure via malicious model metadata [epel-all] |
| 2455434 | NEW | CVE-2026-34774 magicmirror: Electron: Memory corruption and crash due to use-after-free in offscreen rendering [epel-all] |
| 2455437 | NEW | CVE-2026-34778 magicmirror: Electron: Integrity issue due to IPC channel spoofing by a service worker [epel-all] |
| 2455439 | NEW | CVE-2026-34775 magicmirror: Electron: Arbitrary code execution and information disclosure due to incorrect Node.js integration scoping [epel-all] |
| 2455444 | NEW | CVE-2026-34777 magicmirror: Electron: Unauthorized permission granting and information disclosure via incorrect iframe origin [epel-all] |
| 2455446 | NEW | CVE-2026-34776 magicmirror: Electron: Information disclosure via crafted second-instance message [epel-all] |
| 2455448 | NEW | CVE-2026-34780 magicmirror: Electron: Context Isolation bypass via VideoFrame object transfer [epel-all] |
| 2455450 | NEW | CVE-2026-34772 magicmirror: Electron: Use-after-free vulnerability leads to memory corruption or crash [epel-all] |
| 2455452 | NEW | CVE-2026-34769 magicmirror: Electron: Arbitrary code execution and security bypass via undocumented command-line switches [epel-all] |
| 2455454 | NEW | CVE-2026-34767 magicmirror: Electron: HTTP Response Header Injection via attacker-controlled input [epel-all] |
| 2455456 | NEW | CVE-2026-34766 magicmirror: Electron: Unauthorized USB device access via select-usb-device event callback validation bypass [epel-all] |
| 2455458 | NEW | CVE-2026-34771 magicmirror: Electron: Memory corruption or application crash via use-after-free in permission request handling [epel-all] |
| 2455485 | NEW | CVE-2026-34764 magicmirror: Electron: Memory corruption or crash due to use-after-free in offscreen rendering with shared textures. [epel-all] |
| 2455638 | NEW | CVE-2026-34986 jfrog-cli: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object [epel-all] |
| 2455910 | ON_QA | Please branch and build ansible-collection-ansible-utils in epel10 and epel10.1/epel10.2 |
| 2456134 | NEW | CVE-2026-28810 erlang: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs [epel-all] |
| 2456137 | NEW | CVE-2026-28808 erlang: Erlang OTP inets modules: Unauthenticated access to protected CGI scripts via incorrect authorization [epel-all] |
| 2456292 | NEW | CVE-2026-33816 netdata: github.com/jackc/pgx: Memory-safety vulnerability [epel-all] |
| 2456295 | NEW | CVE-2026-33815 netdata: github.com/jackc/pgx: Memory-safety vulnerability [epel-all] |
| 2456385 | NEW | CVE-2026-34765 magicmirror: Electron: Arbitrary code execution or information disclosure via incorrect window handling [epel-all] |
| 2456388 | NEW | CVE-2026-34781 magicmirror: Electron: Denial of Service via malformed clipboard image data [epel-all] |
| 2456412 | NEW | CVE-2026-28390 openssl3: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing [epel-all] |
| 2456506 | NEW | Please branch and build remctl in epel10 |
| 2456565 | NEW | CVE-2026-39865 ansible-collection-awx-awx: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [epel-all] |
| 2456566 | NEW | CVE-2026-39865 cachelib: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [epel-all] |
| 2456567 | NEW | CVE-2026-39865 fbthrift: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [epel-all] |
| 2456568 | NEW | CVE-2026-39865 magicmirror: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [epel-all] |
| 2456855 | NEW | CVE-2026-27140 gcc-epel: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names [epel-all] |
| 2456973 | NEW | CVE-2026-39855 osslsigncode: integer underflow in PE page hash calculation can cause out-of-bounds read [epel-all] |
| 2456975 | NEW | CVE-2026-39856 osslsigncode: out-of-bounds read via unvalidated section bounds in PE page hash calculation [epel-all] |
| 2457334 | NEW | CVE-2026-35536 python-tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments [epel-all] |
| 2457466 | ON_QA | Please build xarchiver in epel10 |
| 2457492 | NEW | CVE-2025-62718 ansible-collection-awx-awx: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all] |
| 2457493 | NEW | CVE-2025-62718 cachelib: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all] |
| 2457494 | NEW | CVE-2025-62718 fbthrift: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all] |
| 2457495 | NEW | CVE-2025-62718 magicmirror: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all] |
| 2457564 | NEW | Please branch and build perl-RPM2 in epel10 |
| 2457673 | NEW | Please branch and build alien in epel10 and epel10.1 |
| 2457865 | NEW | CVE-2026-40175 ansible-collection-awx-awx: Axios: Remote Code Execution via Prototype Pollution escalation [epel-all] |
| 2457866 | NEW | CVE-2026-40175 cachelib: Axios: Remote Code Execution via Prototype Pollution escalation [epel-all] |
| 2457867 | NEW | CVE-2026-40175 fbthrift: Axios: Remote Code Execution via Prototype Pollution escalation [epel-all] |
| 2457868 | NEW | CVE-2026-40175 magicmirror: Axios: Remote Code Execution via Prototype Pollution escalation [epel-all] |
| 2457916 | NEW | CVE-2026-40021 log4net: Apache Log4net: Denial of Service for logging via unsanitized XML characters [epel-all] |
| 2457966 | NEW | CVE-2026-30998 qt5-qtwebengine: FFmpeg: Denial of Service vulnerability in zmqsend.c via crafted input [epel-all] |
| 2457967 | NEW | CVE-2026-30999 qt5-qtwebengine: FFmpeg: Denial of Service via heap buffer overflow in av_bprint_finalize() [epel-all] |
| 2457984 | NEW | CVE-2026-30997 qt5-qtwebengine: FFmpeg: Denial of Service via out-of-bounds read [epel-all] |
| 2458138 | MODIFIED | Please branch and build rmlint in epel10.1 |