We noticed recently that a few systems running on RHEL 8 / 9 use libjxl on version v0.7.0 but v0.7.2 adresses two CVE's which are rated 6.9 but allow out of bounds read's and write's. Through this bug report i would like to request the versions atleast for EPEL 8 and 9 to be upgraded to v0.7.2 so everyone can safely and easily update this dependency. If possible upgrading the package from v0.10.3 for EPEL 10 to v0.10.4 to address the same vunerability would be great aswell if those running on the newest RHEL 10 OS. Reproducible: Always Steps to Reproduce: 1. Configure local system to use EPEL repositories 2. Install libjxl with dnf 3. Verify the currently installed version with that on the releases page of libjxl: https://github.com/libjxl/libjxl/releases Actual Results: v0.7.0 is installed not v0.7.2 Expected Results: v0.7.2 is installed
FEDORA-EPEL-2025-6117766f4b (jpegxl-0.7.2-1.el8) has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-6117766f4b
FEDORA-EPEL-2025-f70deeaa88 (jpegxl-0.7.2-2.el9) has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-f70deeaa88
FEDORA-EPEL-2025-496f3e6aeb (jpegxl-0.10.4-1.el10_0) has been submitted as an update to Fedora EPEL 10.0. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-496f3e6aeb
FEDORA-EPEL-2025-f70deeaa88 has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-f70deeaa88 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2025-5304230dce has been pushed to the Fedora EPEL 10.1 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5304230dce See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2025-496f3e6aeb has been pushed to the Fedora EPEL 10.0 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-496f3e6aeb See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2025-6117766f4b has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-6117766f4b See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2025-f70deeaa88 (jpegxl-0.7.2-2.el9) has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2025-5304230dce (jpegxl-0.10.4-1.el10_1) has been pushed to the Fedora EPEL 10.1 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2025-496f3e6aeb (jpegxl-0.10.4-1.el10_0) has been pushed to the Fedora EPEL 10.0 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2025-6117766f4b (jpegxl-0.7.2-1.el8) has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report.