
Several security updates have been released for Fedora 42. The updates affect openqa, pgadmin4, yarnpkg, and five PHPUnit packages (phpunit12, phpunit11, phpunit10, phpunit9, phpunit8). The openqa, pgadmin4 and yarnpkg updates address CVE-2025-13465, prototype pollution in the _.unset and _.omit functions of lodash. The PHPUnit updates address CVE-2026-24765, arbitrary code execution via unsafe deserialization of code coverage files.

Fedora 42 Update: openqa-5^20250711git28a0214-4.fc42
Fedora 42 Update: phpunit12-12.5.8-1.fc42
Fedora 42 Update: pgadmin4-9.11-3.fc42
Fedora 42 Update: yarnpkg-1.22.22-16.fc42
Fedora 42 Update: phpunit11-11.5.50-1.fc42
Fedora 42 Update: phpunit10-10.5.63-1.fc42
Fedora 42 Update: phpunit8-8.5.52-1.fc42
Fedora 42 Update: phpunit9-9.6.34-1.fc42



[SECURITY] Fedora 42 Update: openqa-5^20250711git28a0214-4.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-84de1534b1
2026-02-06 01:09:06.041469+00:00
--------------------------------------------------------------------------------

Name : openqa
Product : Fedora 42
Version : 5^20250711git28a0214
Release : 4.fc42
URL : http://os-autoinst.github.io/openQA/
Summary : OS-level automated testing framework
Description :
openQA is a testing framework that allows you to test GUI applications on one
hand and bootloader and kernel on the other. In both cases, it is difficult to
script tests and verify the output. Output can be a popup window or it can be
an error in early boot even before init is executed.

openQA is an automated test tool that makes it possible to test the whole
installation process of an operating system. It uses virtual machines to
reproduce the process, check the output (both serial console and screen) in
every step and send the necessary keystrokes and commands to proceed to the
next. openQA can check whether the system can be installed, whether it works
properly in 'live' mode, whether applications work or whether the system
responds as expected to different installation options and commands.

Even more importantly, openQA can run several combinations of tests for every
revision of the operating system, reporting the errors detected for each
combination of hardware configuration, installation options and variant of the
operating system.

--------------------------------------------------------------------------------
Update Information:

This update bumps the bundled lodash to 4.17.23 to ensure openQA is protected
against CVE-2025-13465. It likely was not vulnerable in any case, though, as I
don't believe the vulnerable codepaths were exposed by openQA's use of lodash.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 26 2026 Adam Williamson [awilliam@redhat.com] - 5^20250711git28a0214-4
- Backport PR #6920 to fix RHBZ #2432984 (CVE-2025-13465)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2432984 - CVE-2025-13465 openqa: prototype pollution in _.unset and _.omit functions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2432984
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-84de1534b1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: phpunit12-12.5.8-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8c25940d05
2026-02-06 01:09:06.041429+00:00
--------------------------------------------------------------------------------

Name : phpunit12
Product : Fedora 42
Version : 12.5.8
Release : 1.fc42
URL : https://github.com/sebastianbergmann/phpunit
Summary : The PHP Unit Testing framework version 12
Description :
PHPUnit is a programmer-oriented testing framework for PHP.
It is an instance of the xUnit architecture for unit testing frameworks.

This package provides the version 12 of PHPUnit,
available using the phpunit12 command.

Documentation: https://phpunit.de/documentation.html

--------------------------------------------------------------------------------
Update Information:

Version 12.5.8 - 2026-01-27
Changed
To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage
files in pull requests, a PHPT test will no longer be run if the temporary file
for writing code coverage information already exists before the test runs
Version 12.5.7 - 2026-01-24
Fixed
#6362: Manually instantiated test doubles are broken since PHPUnit 11.2
#6470: Infinite recursion in Count::getCountOf() for unusual implementations of
Iterator or IteratorAggregate
Version 12.5.6 - 2026-01-16
Changed
Reverted a change that caused a build failure for the PHP project's nightly
community job
Version 12.5.5 - 2026-01-15
Deprecated
#6461: any() matcher (soft deprecation)
Fixed
#6470: Mocking a class with a property hook setter accepting more types than the
property results in a fatal error
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Remi Collet [remi@remirepo.net] - 12.5.8-1
- update to 12.5.8
* Mon Jan 26 2026 Remi Collet [remi@remirepo.net] - 12.5.7-1
- update to 12.5.7
- raise dependency on sebastian/comparator 7.1.4
* Sat Jan 17 2026 Remi Collet [remi@remirepo.net] - 12.5.6-1
- update to 12.5.6
* Thu Jan 15 2026 Remi Collet [remi@remirepo.net] - 12.5.5-1
- update to 12.5.5
- raise dependency on phpunit/php-code-coverage 12.5.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433676 - CVE-2026-24765 phpunit12: PHPUnit: Arbitrary code execution via unsafe deserialization of code coverage files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433676
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8c25940d05' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: pgadmin4-9.11-3.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3062e10d87
2026-02-06 01:09:06.041438+00:00
--------------------------------------------------------------------------------

Name : pgadmin4
Product : Fedora 42
Version : 9.11
Release : 3.fc42
URL : https://www.pgadmin.org/
Summary : Administration tool for PostgreSQL
Description :
pgAdmin is the most popular and feature rich Open Source administration and development
platform for PostgreSQL, the most advanced Open Source database in the world.

--------------------------------------------------------------------------------
Update Information:

Regenerate vendor tarball. Fixes CVE-2025-13465.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Sandro Mani [manisandro@gmail.com] - 9.11-3
- Refresh bundle, fixes CVE-2025-13465
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2432986 - CVE-2025-13465 pgadmin4: prototype pollution in _.unset and _.omit functions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2432986
[ 2 ] Bug #2433036 - CVE-2025-13465 pgadmin4: prototype pollution in _.unset and _.omit functions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2433036
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3062e10d87' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: yarnpkg-1.22.22-16.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2809f801f3
2026-02-06 01:09:06.041440+00:00
--------------------------------------------------------------------------------

Name : yarnpkg
Product : Fedora 42
Version : 1.22.22
Release : 16.fc42
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.

--------------------------------------------------------------------------------
Update Information:

Regenerate vendor tarball. Fixes CVE-2025-13465.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Sandro Mani [manisandro@gmail.com] - 1.22.22-16
- Refresh bundle, fixes CVE-2025-13465
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.22-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2432997 - CVE-2025-13465 yarnpkg: prototype pollution in _.unset and _.omit functions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2432997
[ 2 ] Bug #2433048 - CVE-2025-13465 yarnpkg: prototype pollution in _.unset and _.omit functions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2433048
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2809f801f3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: phpunit11-11.5.50-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c3b42a28dd
2026-02-06 01:09:06.041426+00:00
--------------------------------------------------------------------------------

Name : phpunit11
Product : Fedora 42
Version : 11.5.50
Release : 1.fc42
URL : https://github.com/sebastianbergmann/phpunit
Summary : The PHP Unit Testing framework version 11
Description :
PHPUnit is a programmer-oriented testing framework for PHP.
It is an instance of the xUnit architecture for unit testing frameworks.

This package provides the version 11 of PHPUnit,
available using the phpunit11 command.

Documentation: https://phpunit.de/documentation.html

--------------------------------------------------------------------------------
Update Information:

Version 11.5.50 - 2026-01-27
Changed
To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage
files in pull requests, a PHPT test will no longer be run if the temporary file
for writing code coverage information already exists before the test runs
Version 11.5.49 - 2026-01-24
Fixed
#6362: Manually instantiated test doubles are broken since PHPUnit 11.2
#6470: Infinite recursion in Count::getCountOf() for unusual implementations of
Iterator or IteratorAggregate
Version 11.5.48 - 2026-01-16
Changed
Reverted a change that caused a build failure for the PHP project's nightly
community job
Version 11.5.47 - 2026-01-15
Fixed
#6470: Mocking a class with a property hook setter accepting more types than the
property results in a fatal error
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Remi Collet [remi@remirepo.net] - 11.5.50-1
- update to 11.5.50
* Mon Jan 26 2026 Remi Collet [remi@remirepo.net] - 11.5.49-1
- update to 11.5.49
- raise dependency on sebastian/comparator 6.3.3
* Sat Jan 17 2026 Remi Collet [remi@remirepo.net] - 11.5.48-1
- update to 11.5.48
* Thu Jan 15 2026 Remi Collet [remi@remirepo.net] - 11.5.47-1
- update to 11.5.47
- raise dependency on phpunit/php-code-coverage 11.0.12
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433680 - CVE-2026-24765 phpunit11: PHPUnit: Arbitrary code execution via unsafe deserialization of code coverage files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433680
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c3b42a28dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: phpunit10-10.5.63-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1d1c8f5df2
2026-02-06 01:09:06.041424+00:00
--------------------------------------------------------------------------------

Name : phpunit10
Product : Fedora 42
Version : 10.5.63
Release : 1.fc42
URL : https://github.com/sebastianbergmann/phpunit
Summary : The PHP Unit Testing framework version 10
Description :
PHPUnit is a programmer-oriented testing framework for PHP.
It is an instance of the xUnit architecture for unit testing frameworks.

This package provides the version 10 of PHPUnit,
available using the phpunit10 command.

Documentation: https://phpunit.de/documentation.html

--------------------------------------------------------------------------------
Update Information:

Version 10.5.63 - 2026-01-27
Fixed
Regression introduced in PHPUnit 9.6.33
Version 10.5.62 - 2026-01-27
Changed
To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage
files in pull requests, a PHPT test will no longer be run if the temporary file
for writing code coverage information already exists before the test runs
Version 10.5.61 - 2026-01-24
Changed
PHPUnit\Framework\MockObject exceptions are now subtypes of PHPUnit\Exception
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Remi Collet [remi@remirepo.net] - 10.5.63-1
- update to 10.5.63
* Mon Jan 26 2026 Remi Collet [remi@remirepo.net] - 10.5.61-1
- update to 10.5.61
- raise dependency on sebastian/comparator 5.0.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433679 - CVE-2026-24765 phpunit10: PHPUnit: Arbitrary code execution via unsafe deserialization of code coverage files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433679
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1d1c8f5df2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: phpunit8-8.5.52-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8a7678fa99
2026-02-06 01:09:06.041418+00:00
--------------------------------------------------------------------------------

Name : phpunit8
Product : Fedora 42
Version : 8.5.52
Release : 1.fc42
URL : https://github.com/sebastianbergmann/phpunit
Summary : The PHP Unit Testing framework version 8
Description :
PHPUnit is a programmer-oriented testing framework for PHP.
It is an instance of the xUnit architecture for unit testing frameworks.

This package provides the version 8 of PHPUnit,
available using the phpunit8 command.

Documentation: https://phpunit.de/documentation.html

--------------------------------------------------------------------------------
Update Information:

Version 8.5.52 - 2026-01-27
Changed
To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage
files in pull requests, a PHPT test will no longer be run if the temporary file
for writing code coverage information already exists before the test runs
Version 8.5.51 - 2026-01-24
Changed
PHPUnit\Framework\MockObject exceptions are now subtypes of PHPUnit\Exception
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Remi Collet [remi@remirepo.net] - 8.5.52-1
- update to 8.5.52
* Mon Jan 26 2026 Remi Collet [remi@remirepo.net] - 8.5.51-1
- update to 8.5.51
- raise dependency on sebastian/comparator 3.0.7
- phpspec/prophecy is optional
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433681 - CVE-2026-24765 phpunit8: PHPUnit: Arbitrary code execution via unsafe deserialization of code coverage files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433681
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8a7678fa99' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------





[SECURITY] Fedora 42 Update: phpunit9-9.6.34-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a1cb6b0f95
2026-02-06 01:09:06.041421+00:00
--------------------------------------------------------------------------------

Name : phpunit9
Product : Fedora 42
Version : 9.6.34
Release : 1.fc42
URL : https://github.com/sebastianbergmann/phpunit
Summary : The PHP Unit Testing framework version 9
Description :
PHPUnit is a programmer-oriented testing framework for PHP.
It is an instance of the xUnit architecture for unit testing frameworks.

This package provides the version 9 of PHPUnit,
available using the phpunit9 command.

Documentation: https://phpunit.de/documentation.html

--------------------------------------------------------------------------------
Update Information:

Version 9.6.34 - 2026-01-27
Fixed
Regression introduced in PHPUnit 9.6.33
Version 9.6.33 - 2026-01-27
Changed
To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage
files in pull requests, a PHPT test will no longer be run if the temporary file
for writing code coverage information already exists before the test runs
Version 9.6.32 - 2026-01-24
Changed
PHPUnit\Framework\MockObject exceptions are now subtypes of PHPUnit\Exception
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Remi Collet [remi@remirepo.net] - 9.6.34-1
- update to 9.6.34
* Mon Jan 26 2026 Remi Collet [remi@remirepo.net] - 9.6.32-1
- update to 9.6.32
- raise dependency on sebastian/comparator 4.0.10
- phpspec/prophecy is optional
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433678 - CVE-2026-24765 phpunit9: PHPUnit: Arbitrary code execution via unsafe deserialization of code coverage files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433678
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a1cb6b0f95' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
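
The PHPUnit change described in the phpunit8 through phpunit12 advisories above refuses to run a PHPT test when its coverage temporary file already exists. The following is an added example (not PHPUnit or Fedora code) of the same check as a CI pre-flight step on an untrusted checkout. It assumes the temporary file for tests/foo.phpt is tests/foo.coverage; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to start a PHPT run when a coverage file is already
# sitting next to a test. Assumption (not stated on the page): the temporary
# coverage file for <name>.phpt is <name>.coverage in the same directory.

# Print the path of every coverage file that already exists beside a .phpt test.
find_prepared_coverage() {
    root=$1
    find "$root" -type f -name '*.phpt' -exec sh -c '
        for phpt in "$@"; do
            coverage="${phpt%.phpt}.coverage"
            # -e follows symlinks; -L also catches a dangling symlink at that path.
            if [ -e "$coverage" ] || [ -L "$coverage" ]; then
                printf "%s\n" "$coverage"
            fi
        done
    ' sh {} +
}

# Return 0 when the tree is clean, 1 (with a report on stderr) otherwise.
preflight_phpt() {
    hits=$(find_prepared_coverage "$1")
    if [ -n "$hits" ]; then
        printf 'refusing to run PHPT tests; coverage files already present:\n%s\n' \
            "$hits" >&2
        return 1
    fi
    return 0
}

# Constructed sample tree: one clean test, one test with a pre-existing
# coverage file, as a pull request could have committed it.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/tests/sub"
    : > "$dir/tests/clean.phpt"
    : > "$dir/tests/sub/planted.phpt"
    : > "$dir/tests/sub/planted.coverage"
    printf '%s\n' "$dir"
}

sample=$(make_sample_tree)
if preflight_phpt "$sample"; then
    echo "clean: PHPT run may proceed"
else
    echo "blocked: PHPT run skipped"
fi
rm -rf "$sample"
```

Run the check after checkout and before any test command, so that a job on an unpatched PHPUnit fails closed instead of reading the prepared file.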

