Chromium, .NET, Roundcube, and more updates for Fedora

Fedora Linux 9294 Published 2026-03-28 07:17 by Philipp Esselbach

News

[SECURITY] Fedora 42 Update: chromium-146.0.7680.164-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cc466cfb57
2026-03-28 01:05:58.419931+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 146.0.7680.164
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 146.0.7680.164
* High CVE-2026-4673: Heap buffer overflow in WebAudio
* High CVE-2026-4674: Out of bounds read in CSS
* High CVE-2026-4675: Heap buffer overflow in WebGL
* High CVE-2026-4676: Use after free in Dawn
* High CVE-2026-4677: Out of bounds read in WebAudio
* High CVE-2026-4678: Use after free in WebGPU
* High CVE-2026-4679: Integer overflow in Fonts
* High CVE-2026-4680: Use after free in FedCM
Update to 146.0.7680.153
* CVE-2026-4439: Out of bounds memory access in WebGL
* CVE-2026-4440: Out of bounds read and write in WebGL
* CVE-2026-4441: Use after free in Base
* CVE-2026-4442: Heap buffer overflow in CSS
* CVE-2026-4443: Heap buffer overflow in WebAudio
* CVE-2026-4444: Stack buffer overflow in WebRTC
* CVE-2026-4445: Use after free in WebRTC
* CVE-2026-4446: Use after free in WebRTC
* CVE-2026-4447: Inappropriate implementation in V8
* CVE-2026-4448: Heap buffer overflow in ANGLE
* CVE-2026-4449: Use after free in Blink
* CVE-2026-4450: Out of bounds write in V8
* CVE-2026-4451: Insufficient validation of untrusted input in Navigation
* CVE-2026-4452: Integer overflow in ANGLE
* CVE-2026-4453: Integer overflow in Dawn
* CVE-2026-4454: Use after free in Network
* CVE-2026-4455: Heap buffer overflow in PDFium
* CVE-2026-4456: Use after free in Digital Credentials API
* CVE-2026-4457: Type Confusion in V8
* CVE-2026-4458: Use after free in Extensions
* CVE-2026-4459: Out of bounds read and write in WebAudio
* CVE-2026-4460: Out of bounds read in Skia
* CVE-2026-4461: Inappropriate implementation in V8
* CVE-2026-4462: Out of bounds read in Blink
* CVE-2026-4463: Heap buffer overflow in WebRTC
* CVE-2026-4464: Integer overflow in ANGLE
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 24 2026 Than Ngo [than@redhat.com] - 146.0.7680.164-1
- Update to 146.0.7680.164
* High CVE-2026-4673: Heap buffer overflow in WebAudio
* High CVE-2026-4674: Out of bounds read in CSS
* High CVE-2026-4675: Heap buffer overflow in WebGL
* High CVE-2026-4676: Use after free in Dawn
* High CVE-2026-4677: Out of bounds read in WebAudio
* High CVE-2026-4678: Use after free in WebGPU
* High CVE-2026-4679: Integer overflow in Fonts
* High CVE-2026-4680: Use after free in FedCM
* Fri Mar 20 2026 Than Ngo [than@redhat.com] - 146.0.7680.153-1
- Update to 146.0.7680.153
* CVE-2026-4439: Out of bounds memory access in WebGL
* CVE-2026-4440: Out of bounds read and write in WebGL
* CVE-2026-4441: Use after free in Base
* CVE-2026-4442: Heap buffer overflow in CSS
* CVE-2026-4443: Heap buffer overflow in WebAudio
* CVE-2026-4444: Stack buffer overflow in WebRTC
* CVE-2026-4445: Use after free in WebRTC
* CVE-2026-4446: Use after free in WebRTC
* CVE-2026-4447: Inappropriate implementation in V8
* CVE-2026-4448: Heap buffer overflow in ANGLE
* CVE-2026-4449: Use after free in Blink
* CVE-2026-4450: Out of bounds write in V8
* CVE-2026-4451: Insufficient validation of untrusted input in Navigation
* CVE-2026-4452: Integer overflow in ANGLE
* CVE-2026-4453: Integer overflow in Dawn
* CVE-2026-4454: Use after free in Network
* CVE-2026-4455: Heap buffer overflow in PDFium
* CVE-2026-4456: Use after free in Digital Credentials API
* CVE-2026-4457: Type Confusion in V8
* CVE-2026-4458: Use after free in Extensions
* CVE-2026-4459: Out of bounds read and write in WebAudio
* CVE-2026-4460: Out of bounds read in Skia
* CVE-2026-4461: Inappropriate implementation in V8
* CVE-2026-4462: Out of bounds read in Blink
* CVE-2026-4463: Heap buffer overflow in WebRTC
* CVE-2026-4464: Integer overflow in ANGLE
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cc466cfb57' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: php-phpseclib-2.0.52-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bfeb46516b
2026-03-28 01:05:58.419876+00:00
--------------------------------------------------------------------------------

Name : php-phpseclib
Product : Fedora 42
Version : 2.0.52
Release : 1.fc42
URL : https://github.com/phpseclib/phpseclib
Summary : PHP Secure Communications Library
Description :
MIT-licensed pure-PHP implementations of an arbitrary-precision integer
arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4,
Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509

--------------------------------------------------------------------------------
Update Information:

Update to v2.0.52
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Artur Frenszek-Iwicki [fedora@svgames.pl] - 2.0.52-1
- Update to v2.0.52
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2449633 - CVE-2026-32935 php-phpseclib: phpseclib: Information disclosure via padding oracle timing attack when using AES in CBC mode [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449633
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bfeb46516b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: dotnet9.0-9.0.115-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8ae04c01e3
2026-03-28 01:05:58.419845+00:00
--------------------------------------------------------------------------------

Name : dotnet9.0
Product : Fedora 42
Version : 9.0.115
Release : 1.fc42
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the March 2026 release of .NET 9.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.14/9.0.115.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/9.0/9.0.14/9.0.14.md
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 11 2026 Omair Majid [omajid@redhat.com] - 9.0.115-1
- Update to .NET SDK 9.0.115 and Runtime 9.0.14
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2446425 - CVE-2026-26130 dotnet9.0: ASP.NET Core: Denial of Service via uncontrolled resource allocation [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2446425
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8ae04c01e3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: samtools-1.23.1-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1fc0d39acd
2026-03-28 01:05:58.419872+00:00
--------------------------------------------------------------------------------

Name : samtools
Product : Fedora 42
Version : 1.23.1
Release : 1.fc42
URL : http://www.htslib.org/
Summary : Tools for nucleotide sequence alignments in the SAM format
Description :
SAM (Sequence Alignment/Map) is a flexible generic format for storing
nucleotide sequence alignment.
SAM Tools provide various utilities for manipulating alignments in the
SAM format, including sorting, merging, indexing and generating
alignments in a per-position format.

--------------------------------------------------------------------------------
Update Information:

Update to 1.23.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Rasmus Ory Nielsen [ron@ron.dk] - 1.23.1-1
- Updated to 1.23.1
* Thu Jan 22 2026 Rasmus Ory Nielsen [ron@ron.dk] - 1.23-1
- Updated to 1.23
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.15.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Mon Jan 5 2026 Marcin Juszkiewicz [mjuszkiewicz@redhat.com] - 1.15.1-8
- Extend check to handle RISC-V 64-bit architecture port.
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.15.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448750 - CVE-2026-31962 htslib: htslib: Heap buffer overflow leading to arbitrary code execution via crafted CRAM file
https://bugzilla.redhat.com/show_bug.cgi?id=2448750
[ 2 ] Bug #2448751 - CVE-2026-31965 htslib: HTSlib: Information disclosure or denial of service via out-of-bounds read in CRAM record processing
https://bugzilla.redhat.com/show_bug.cgi?id=2448751
[ 3 ] Bug #2448755 - CVE-2026-31963 htslib: HTSlib: Arbitrary code execution via crafted CRAM file
https://bugzilla.redhat.com/show_bug.cgi?id=2448755
[ 4 ] Bug #2448756 - CVE-2026-31964 htslib: HTSlib: Denial of Service via NULL pointer dereference in CRAM decoding
https://bugzilla.redhat.com/show_bug.cgi?id=2448756
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1fc0d39acd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: htslib-1.23.1-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1fc0d39acd
2026-03-28 01:05:58.419872+00:00
--------------------------------------------------------------------------------

Name : htslib
Product : Fedora 42
Version : 1.23.1
Release : 1.fc42
URL : http://www.htslib.org
Summary : C library for high-throughput sequencing data formats
Description :
HTSlib is an implementation of a unified C library for accessing common file
formats, such as SAM, CRAM and VCF, used for high-throughput sequencing data,
and is the core library used by samtools and bcftools.

--------------------------------------------------------------------------------
Update Information:

Update to 1.23.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Rasmus Ory Nielsen [ron@ron.dk] - 1.23.1-1
- Updated to 1.23.1
* Thu Jan 22 2026 Rasmus Ory Nielsen [ron@ron.dk] - 1.23-1
- Updated to 1.23
- Removed outdated patch
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.15.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.15.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448750 - CVE-2026-31962 htslib: htslib: Heap buffer overflow leading to arbitrary code execution via crafted CRAM file
https://bugzilla.redhat.com/show_bug.cgi?id=2448750
[ 2 ] Bug #2448751 - CVE-2026-31965 htslib: HTSlib: Information disclosure or denial of service via out-of-bounds read in CRAM record processing
https://bugzilla.redhat.com/show_bug.cgi?id=2448751
[ 3 ] Bug #2448755 - CVE-2026-31963 htslib: HTSlib: Arbitrary code execution via crafted CRAM file
https://bugzilla.redhat.com/show_bug.cgi?id=2448755
[ 4 ] Bug #2448756 - CVE-2026-31964 htslib: HTSlib: Denial of Service via NULL pointer dereference in CRAM decoding
https://bugzilla.redhat.com/show_bug.cgi?id=2448756
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1fc0d39acd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: bcftools-1.23.1-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1fc0d39acd
2026-03-28 01:05:58.419872+00:00
--------------------------------------------------------------------------------

Name : bcftools
Product : Fedora 42
Version : 1.23.1
Release : 1.fc42
URL : https://www.htslib.org/
Summary : Tools for genomic variant calling and manipulating VCF/BCF files
Description :
BCFtools is a set of utilities that manipulate genomic variant calls in the
Variant Call Format (VCF) and its binary counterpart (BCF). All commands work
transparently with both VCFs and BCFs, both uncompressed and BGZF-compressed.

(This BCFtools includes the polysomy subcommand, which is implemented using
the GNU Scientific Library. Hence this package is licensed according to the
GNU General Public License, rather than the MIT license used when BCFtools
is built without the polysomy subcommand.)

--------------------------------------------------------------------------------
Update Information:

Update to 1.23.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Rasmus Ory Nielsen [ron@ron.dk] - 1.23.1-1
- Updated to 1.23.1
- Removed patch now that issue 2495 is fixed upstream
* Mon Jan 26 2026 Rasmus Ory Nielsen [ron@ron.dk] - 1.23-1
- Updated to 1.23
- Removed obsolete vcf_plugin_tests patch
- Remove invalid `-errors` from PERL_LIBS to fix linker warnings
* Mon Jan 26 2026 Jun Aruga [jaruga@redhat.com] - 1.15.1-17
- RISC-V has /lib64/lp64d/ symlink which confuses ldd.
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.15.1-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.15.1-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.15.1-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jul 7 2025 Jitka Plesnikova [jplesnik@redhat.com] - 1.15.1-13
- Perl 5.42 rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448750 - CVE-2026-31962 htslib: htslib: Heap buffer overflow leading to arbitrary code execution via crafted CRAM file
https://bugzilla.redhat.com/show_bug.cgi?id=2448750
[ 2 ] Bug #2448751 - CVE-2026-31965 htslib: HTSlib: Information disclosure or denial of service via out-of-bounds read in CRAM record processing
https://bugzilla.redhat.com/show_bug.cgi?id=2448751
[ 3 ] Bug #2448755 - CVE-2026-31963 htslib: HTSlib: Arbitrary code execution via crafted CRAM file
https://bugzilla.redhat.com/show_bug.cgi?id=2448755
[ 4 ] Bug #2448756 - CVE-2026-31964 htslib: HTSlib: Denial of Service via NULL pointer dereference in CRAM decoding
https://bugzilla.redhat.com/show_bug.cgi?id=2448756
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1fc0d39acd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: roundcubemail-1.6.14-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c283cce7fd
2026-03-28 01:05:58.419853+00:00
--------------------------------------------------------------------------------

Name : roundcubemail
Product : Fedora 42
Version : 1.6.14
Release : 1.fc42
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

--------------------------------------------------------------------------------
Update Information:

Version 1.6.14
Fix Postgres connection using IPv6 address (#10104)
Security: Fix pre-auth arbitrary file write via unsafe deserialization in
redis/memcache session handler
Security: Fix bug where a password could get changed without providing the old
password
Security: Fix IMAP Injection + CSRF bypass in mail search
Security: Fix remote image blocking bypass via various SVG animate attributes
Security: Fix remote image blocking bypass via a crafted body background
attribute
Security: Fix fixed position mitigation bypass via use of !important
Security: Fix XSS issue in a HTML attachment preview
Security: Fix SSRF + Information Disclosure via stylesheet links to a local
network hosts
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2026 Remi Collet [remi@remirepo.net] - 1.6.14-1
- update to 1.5.14
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c283cce7fd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: mongo-c-driver-1.30.7-2.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c5273647fa
2026-03-28 01:05:58.419864+00:00
--------------------------------------------------------------------------------

Name : mongo-c-driver
Product : Fedora 42
Version : 1.30.7
Release : 2.fc42
URL : https://github.com/mongodb/mongo-c-driver
Summary : Client library written in C for MongoDB
Description :
mongo-c-driver is a client library written in C for MongoDB.

--------------------------------------------------------------------------------
Update Information:

Fix handling in HTTP response parser CVE-2026-4359
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Remi Collet [remi@remirepo.net] - 1.30.7-2
- add upstream fix for CVE-2026-4359
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448486 - CVE-2026-4359 mongo-c-driver: mongo-c-driver: Denial of Service via malformed HTTP response [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2448486
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c5273647fa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: dotnet8.0-8.0.125-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-66c97240f2
2026-03-28 01:05:58.419849+00:00
--------------------------------------------------------------------------------

Name : dotnet8.0
Product : Fedora 42
Version : 8.0.125
Release : 1.fc42
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the March 2026 release of .NET 8
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.25/8.0.125.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.25/8.0.25.md
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 11 2026 Omair Majid [omajid@redhat.com] - 8.0.125-1
- Update to .NET SDK 8.0.125 and Runtime 8.0.25
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2446424 - CVE-2026-26130 dotnet8.0: ASP.NET Core: Denial of Service via uncontrolled resource allocation [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2446424
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-66c97240f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: dotnet10.0-10.0.104-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-48e73ed6b8
2026-03-28 01:05:58.419822+00:00
--------------------------------------------------------------------------------

Name : dotnet10.0
Product : Fedora 42
Version : 10.0.104
Release : 1.fc42
URL : https://github.com/dotnet/
Summary : .NET 10.0 Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the March 2026 release of .NET 10.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/10.0/10.0.4/10.0.104.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/10.0/10.0.4/10.0.4.md
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 11 2026 Omair Majid [omajid@redhat.com] - 10.0.104-1
- Update to .NET SDK 10.0.104 and Runtime 10.0.4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2446423 - CVE-2026-26130 dotnet10.0: ASP.NET Core: Denial of Service via uncontrolled resource allocation [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2446423
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-48e73ed6b8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: python3.12-3.12.13-2.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-304f76c660
2026-03-28 00:45:01.878108+00:00
--------------------------------------------------------------------------------

Name : python3.12
Product : Fedora 43
Version : 3.12.13
Release : 2.fc43
URL : https://www.python.org/
Summary : Version 3.12 of the Python interpreter
Description :
Python 3.12 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.12 package provides the "python3.12" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.12-libs package,
which should be installed automatically along with python3.12.
The remaining parts of the Python standard library are broken out into the
python3.12-tkinter and python3.12-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.12-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.12-" prefix.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2026-4519.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.12.13-2
- Security fix for CVE-2026-4519 (rhbz#2449728)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2449728 - CVE-2026-4519 python3.12: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449728
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-304f76c660' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 43 Update: perl-XML-Parser-2.51-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b7182d65b7
2026-03-28 00:45:01.878099+00:00
--------------------------------------------------------------------------------

Name : perl-XML-Parser
Product : Fedora 43
Version : 2.51
Release : 1.fc43
URL : https://metacpan.org/release/XML-Parser
Summary : Perl module for parsing XML documents
Description :
This module provides ways to parse XML documents. It is built on top
of XML::Parser::Expat, which is a lower level interface to James
Clark's expat library. Each call to one of the parsing methods creates
a new instance of XML::Parser::Expat which is then used to parse the
document. Expat options may be provided when the XML::Parser object is
created. These options are then passed on to the Expat object on each
parse call. They can also be given as extra arguments to the parse
methods, in which case they override options given at XML::Parser
creation time.

--------------------------------------------------------------------------------
Update Information:

2.51 bump - Fix CVE-2006-10002, CVE-2006-10003
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 23 2026 Jitka Plesnikova [jplesnik@redhat.com] - 2.51-1
- 2.51 bump (rhbz#2448965)
- Fix CVE-2006-10002 (rhbz#2449269), CVE-2006-10003 (rhbz#2449278)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448965 - perl-XML-Parser-2.51 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448965
[ 2 ] Bug #2449269 - CVE-2006-10002 perl-XML-Parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449269
[ 3 ] Bug #2449278 - CVE-2006-10003 perl-XML-Parser: XML::Parser: Memory corruption via deeply nested XML files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449278
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b7182d65b7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: samtools-1.23.1-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3b06345bf2
2026-03-28 00:45:01.878029+00:00
--------------------------------------------------------------------------------

Name : samtools
Product : Fedora 43
Version : 1.23.1
Release : 1.fc43
URL : http://www.htslib.org/
Summary : Tools for nucleotide sequence alignments in the SAM format
Description :
SAM (Sequence Alignment/Map) is a flexible generic format for storing
nucleotide sequence alignment.
SAM Tools provide various utilities for manipulating alignments in the
SAM format, including sorting, merging, indexing and generating
alignments in a per-position format.

--------------------------------------------------------------------------------
Update Information:

Update to 1.23.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Rasmus Ory Nielsen [ron@ron.dk] - 1.23.1-1
- Updated to 1.23.1
* Thu Jan 22 2026 Rasmus Ory Nielsen [ron@ron.dk] - 1.23-1
- Updated to 1.23
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.15.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448750 - CVE-2026-31962 htslib: htslib: Heap buffer overflow leading to arbitrary code execution via crafted CRAM file
https://bugzilla.redhat.com/show_bug.cgi?id=2448750
[ 2 ] Bug #2448751 - CVE-2026-31965 htslib: HTSlib: Information disclosure or denial of service via out-of-bounds read in CRAM record processing
https://bugzilla.redhat.com/show_bug.cgi?id=2448751
[ 3 ] Bug #2448755 - CVE-2026-31963 htslib: HTSlib: Arbitrary code execution via crafted CRAM file
https://bugzilla.redhat.com/show_bug.cgi?id=2448755
[ 4 ] Bug #2448756 - CVE-2026-31964 htslib: HTSlib: Denial of Service via NULL pointer dereference in CRAM decoding
https://bugzilla.redhat.com/show_bug.cgi?id=2448756
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3b06345bf2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: htslib-1.23.1-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3b06345bf2
2026-03-28 00:45:01.878029+00:00
--------------------------------------------------------------------------------

Name : htslib
Product : Fedora 43
Version : 1.23.1
Release : 1.fc43
URL : http://www.htslib.org
Summary : C library for high-throughput sequencing data formats
Description :
HTSlib is an implementation of a unified C library for accessing common file
formats, such as SAM, CRAM and VCF, used for high-throughput sequencing data,
and is the core library used by samtools and bcftools.

--------------------------------------------------------------------------------
Update Information:

Update to 1.23.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Rasmus Ory Nielsen [ron@ron.dk] - 1.23.1-1
- Updated to 1.23.1
* Thu Jan 22 2026 Rasmus Ory Nielsen [ron@ron.dk] - 1.23-1
- Updated to 1.23
- Removed outdated patch
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.15.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448750 - CVE-2026-31962 htslib: htslib: Heap buffer overflow leading to arbitrary code execution via crafted CRAM file
https://bugzilla.redhat.com/show_bug.cgi?id=2448750
[ 2 ] Bug #2448751 - CVE-2026-31965 htslib: HTSlib: Information disclosure or denial of service via out-of-bounds read in CRAM record processing
https://bugzilla.redhat.com/show_bug.cgi?id=2448751
[ 3 ] Bug #2448755 - CVE-2026-31963 htslib: HTSlib: Arbitrary code execution via crafted CRAM file
https://bugzilla.redhat.com/show_bug.cgi?id=2448755
[ 4 ] Bug #2448756 - CVE-2026-31964 htslib: HTSlib: Denial of Service via NULL pointer dereference in CRAM decoding
https://bugzilla.redhat.com/show_bug.cgi?id=2448756
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3b06345bf2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: bcftools-1.23.1-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3b06345bf2
2026-03-28 00:45:01.878029+00:00
--------------------------------------------------------------------------------

Name : bcftools
Product : Fedora 43
Version : 1.23.1
Release : 1.fc43
URL : https://www.htslib.org/
Summary : Tools for genomic variant calling and manipulating VCF/BCF files
Description :
BCFtools is a set of utilities that manipulate genomic variant calls in the
Variant Call Format (VCF) and its binary counterpart (BCF). All commands work
transparently with both VCFs and BCFs, both uncompressed and BGZF-compressed.

(This BCFtools includes the polysomy subcommand, which is implemented using
the GNU Scientific Library. Hence this package is licensed according to the
GNU General Public License, rather than the MIT license used when BCFtools
is built without the polysomy subcommand.)

--------------------------------------------------------------------------------
Update Information:

Update to 1.23.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Rasmus Ory Nielsen [ron@ron.dk] - 1.23.1-1
- Updated to 1.23.1
- Removed patch now that issue 2495 is fixed upstream
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448750 - CVE-2026-31962 htslib: htslib: Heap buffer overflow leading to arbitrary code execution via crafted CRAM file
https://bugzilla.redhat.com/show_bug.cgi?id=2448750
[ 2 ] Bug #2448751 - CVE-2026-31965 htslib: HTSlib: Information disclosure or denial of service via out-of-bounds read in CRAM record processing
https://bugzilla.redhat.com/show_bug.cgi?id=2448751
[ 3 ] Bug #2448755 - CVE-2026-31963 htslib: HTSlib: Arbitrary code execution via crafted CRAM file
https://bugzilla.redhat.com/show_bug.cgi?id=2448755
[ 4 ] Bug #2448756 - CVE-2026-31964 htslib: HTSlib: Denial of Service via NULL pointer dereference in CRAM decoding
https://bugzilla.redhat.com/show_bug.cgi?id=2448756
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3b06345bf2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: mongo-c-driver-1.30.7-2.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cc129df978
2026-03-28 00:45:01.878017+00:00
--------------------------------------------------------------------------------

Name : mongo-c-driver
Product : Fedora 43
Version : 1.30.7
Release : 2.fc43
URL : https://github.com/mongodb/mongo-c-driver
Summary : Client library written in C for MongoDB
Description :
mongo-c-driver is a client library written in C for MongoDB.

--------------------------------------------------------------------------------
Update Information:

Fix handling in HTTP response parser CVE-2026-4359
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Remi Collet [remi@remirepo.net] - 1.30.7-2
- add upstream fix for CVE-2026-4359
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448487 - CVE-2026-4359 mongo-c-driver: mongo-c-driver: Denial of Service via malformed HTTP response [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2448487
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cc129df978' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: php-phpseclib-2.0.52-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d1feefa819
2026-03-28 00:45:01.878008+00:00
--------------------------------------------------------------------------------

Name : php-phpseclib
Product : Fedora 43
Version : 2.0.52
Release : 1.fc43
URL : https://github.com/phpseclib/phpseclib
Summary : PHP Secure Communications Library
Description :
MIT-licensed pure-PHP implementations of an arbitrary-precision integer
arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4,
Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509

--------------------------------------------------------------------------------
Update Information:

Update to v2.0.52
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Artur Frenszek-Iwicki [fedora@svgames.pl] - 2.0.52-1
- Update to v2.0.52
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2449636 - CVE-2026-32935 php-phpseclib: phpseclib: Information disclosure via padding oracle timing attack when using AES in CBC mode [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449636
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d1feefa819' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: python-uv-build-0.10.12-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d18cf572b8
2026-03-28 00:45:01.877972+00:00
--------------------------------------------------------------------------------

Name : python-uv-build
Product : Fedora 43
Version : 0.10.12
Release : 1.fc43
URL : https://pypi.org/project/uv-build
Summary : The uv build backend
Description :

This package is a slimmed down version of uv containing only the build
backend.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
Update to 0.9.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.12-1
- Update to 0.10.12 (close RHBZ#2449338)
* Tue Mar 17 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.11-1
- Update to 0.10.11 (close RHBZ#2448298)
* Sun Mar 15 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.10-1
- Update to 0.10.10 (close RHBZ#2447539)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449551 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449551
[ 6 ] Bug #2449553 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449553
[ 7 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d18cf572b8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: roundcubemail-1.6.14-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2decd38070
2026-03-28 00:45:01.878001+00:00
--------------------------------------------------------------------------------

Name : roundcubemail
Product : Fedora 43
Version : 1.6.14
Release : 1.fc43
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

--------------------------------------------------------------------------------
Update Information:

Version 1.6.14
Fix Postgres connection using IPv6 address (#10104)
Security: Fix pre-auth arbitrary file write via unsafe deserialization in
redis/memcache session handler
Security: Fix bug where a password could get changed without providing the old
password
Security: Fix IMAP Injection + CSRF bypass in mail search
Security: Fix remote image blocking bypass via various SVG animate attributes
Security: Fix remote image blocking bypass via a crafted body background
attribute
Security: Fix fixed position mitigation bypass via use of !important
Security: Fix XSS issue in a HTML attachment preview
Security: Fix SSRF + Information Disclosure via stylesheet links to a local
network hosts
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2026 Remi Collet [remi@remirepo.net] - 1.6.14-1
- update to 1.5.14
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2decd38070' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: rust-tar-0.4.45-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d18cf572b8
2026-03-28 00:45:01.877972+00:00
--------------------------------------------------------------------------------

Name : rust-tar
Product : Fedora 43
Version : 0.4.45
Release : 1.fc43
URL : https://crates.io/crates/tar
Summary : Rust implementation of a TAR file reader and writer
Description :
A Rust implementation of a TAR file reader and writer. This library does
not currently handle compression, but it is abstract over all I/O
readers and writers. Additionally, great lengths are taken to ensure
that the entire contents are never required to be entirely resident in
memory all at once.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
Update to 0.9.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.4.45-1
- Update to version 0.4.45; Fixes RHBZ#2449274
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.4.44-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449551 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449551
[ 6 ] Bug #2449553 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449553
[ 7 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d18cf572b8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.6.0-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d18cf572b8
2026-03-28 00:45:01.877972+00:00
--------------------------------------------------------------------------------

Name : rust-astral-tokio-tar
Product : Fedora 43
Version : 0.6.0
Release : 1.fc43
URL : https://crates.io/crates/astral-tokio-tar
Summary : Rust implementation of an async TAR file reader and writer
Description :
A Rust implementation of an async TAR file reader and writer. This
library does not currently handle compression, but it is abstract over
all I/O readers and writers. Additionally, great lengths are taken to
ensure that the entire contents are never required to be entirely
resident in memory all at once.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
Update to 0.9.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 16 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.0-1
- Update to version 0.6.0; Fixes RHBZ#2448054
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.5.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449551 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449551
[ 6 ] Bug #2449553 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449553
[ 7 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d18cf572b8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: suricata-7.0.15-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-03583f302f
2026-03-28 00:45:01.877997+00:00
--------------------------------------------------------------------------------

Name : suricata
Product : Fedora 43
Version : 7.0.15
Release : 1.fc43
URL : https://suricata.io/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

--------------------------------------------------------------------------------
Update Information:

Upstream security/bugfix release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2026 Jason Taylor [jtfas90@proton.me] 7.0.15-1
- Upstream bugfix/security release
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-03583f302f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: python-fastar-0.9.0-2.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d18cf572b8
2026-03-28 00:45:01.877972+00:00
--------------------------------------------------------------------------------

Name : python-fastar
Product : Fedora 43
Version : 0.9.0
Release : 2.fc43
URL : https://github.com/DoctorJohn/fastar
Summary : High-level bindings for the Rust tar crate
Description :
The fastar library wraps the Rust tar, flate2, and zstd crates, providing a
high-performance way to work with compressed and uncompressed tar archives in
Python.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
Update to 0.9.0
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 21 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.0-2
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
* Fri Mar 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.0-1
- Update to 0.9.0 (close RHBZ#2449645)
* Fri Mar 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.0-3
- Allow PyO3 0.28
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449551 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449551
[ 6 ] Bug #2449553 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449553
[ 7 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d18cf572b8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: uv-0.10.12-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d18cf572b8
2026-03-28 00:45:01.877972+00:00
--------------------------------------------------------------------------------

Name : uv
Product : Fedora 43
Version : 0.10.12
Release : 1.fc43
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package and project manager, written in Rust.

Highlights:

??? A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twine,
virtualenv, and more.
??? 10-100x faster than pip.
??? Provides comprehensive project management, with a universal lockfile.
??? Runs scripts, with support for inline dependency metadata.
??? Installs and manages Python versions.
??? Runs and installs tools published as Python packages.
??? Includes a pip-compatible interface for a performance boost with a familiar
CLI.
??? Supports Cargo-style workspaces for scalable projects.
??? Disk-space efficient, with a global cache for dependency deduplication.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
Update to 0.9.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.12-1
- Update to 0.10.12 (close RHBZ#2449243)
* Tue Mar 17 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.11-1
- Update to 0.10.11 (close RHBZ#2448300)
* Sun Mar 15 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.10-1
- Update to 0.10.10 (close RHBZ#2447540)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449551 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449551
[ 6 ] Bug #2449553 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449553
[ 7 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d18cf572b8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 43 Update: rust-nix-0.31.2-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d18cf572b8
2026-03-28 00:45:01.877972+00:00
--------------------------------------------------------------------------------

Name : rust-nix
Product : Fedora 43
Version : 0.31.2
Release : 1.fc43
URL : https://crates.io/crates/nix
Summary : Rust friendly bindings to *nix APIs
Description :
Rust friendly bindings to *nix APIs.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
Update to 0.9.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 17 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.31.2-1
- Update to verison 0.31.2; Fixes RHBZ#2443509
* Thu Feb 12 2026 Fabio Valentini [decathorpe@gmail.com] - 0.31.1-2
- Skip one additional test that fails on RHEL 9
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449551 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449551
[ 6 ] Bug #2449553 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449553
[ 7 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d18cf572b8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: maturin-1.9.6-5.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d18cf572b8
2026-03-28 00:45:01.877972+00:00
--------------------------------------------------------------------------------

Name : maturin
Product : Fedora 43
Version : 1.9.6
Release : 5.fc43
URL : https://github.com/PyO3/maturin
Summary : Build and publish Rust crates as Python packages
Description :
Build and publish crates with pyo3, rust-cpython and cffi bindings as
well as rust binaries as python packages.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
Update to 0.9.0
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 21 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.9.6-5
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449551 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449551
[ 6 ] Bug #2449553 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449553
[ 7 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d18cf572b8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: uv-0.11.2-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : uv
Product : Fedora 44
Version : 0.11.2
Release : 1.fc44
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package and project manager, written in Rust.

Highlights:

??? A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twine,
virtualenv, and more.
??? 10-100x faster than pip.
??? Provides comprehensive project management, with a universal lockfile.
??? Runs scripts, with support for inline dependency metadata.
??? Installs and manages Python versions.
??? Runs and installs tools published as Python packages.
??? Includes a pip-compatible interface for a performance boost with a familiar
CLI.
??? Supports Cargo-style workspaces for scalable projects.
??? Disk-space efficient, with a global cache for dependency deduplication.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.2-1
- Update to 0.11.2 (close RHBZ#2450582)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-reqsign-tencent-cos-3.0.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-reqsign-tencent-cos
Product : Fedora 44
Version : 3.0.0
Release : 1.fc44
URL : https://crates.io/crates/reqsign-tencent-cos
Summary : Tencent Cloud COS signing implementation for reqsign
Description :
Tencent Cloud COS signing implementation for reqsign.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 24 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 3.0.0-1
- Update to version 3.0.0; Fixes RHBZ#2432779
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-reqsign-huaweicloud-obs-3.0.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-reqsign-huaweicloud-obs
Product : Fedora 44
Version : 3.0.0
Release : 1.fc44
URL : https://crates.io/crates/reqsign-huaweicloud-obs
Summary : Huawei Cloud OBS signing implementation for reqsign
Description :
Huawei Cloud OBS signing implementation for reqsign.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 24 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 3.0.0-1
- Update to version 3.0.0; Fixes RHBZ#2432777
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-reqsign-file-read-tokio-3.0.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-reqsign-file-read-tokio
Product : Fedora 44
Version : 3.0.0
Release : 1.fc44
URL : https://crates.io/crates/reqsign-file-read-tokio
Summary : Tokio-based file reader implementation for reqsign
Description :
Tokio-based file reader implementation for reqsign.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 24 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 3.0.0-1
- Update to version 3.0.0; Fixes RHBZ#2432774
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-reqsign-aliyun-oss-3.0.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-reqsign-aliyun-oss
Product : Fedora 44
Version : 3.0.0
Release : 1.fc44
URL : https://crates.io/crates/reqsign-aliyun-oss
Summary : Aliyun OSS signing implementation for reqsign
Description :
Aliyun OSS signing implementation for reqsign.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 24 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 3.0.0-1
- Update to version 3.0.0; Fixes RHBZ#2432768
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-reqsign-command-execute-tokio-3.0.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-reqsign-command-execute-tokio
Product : Fedora 44
Version : 3.0.0
Release : 1.fc44
URL : https://crates.io/crates/reqsign-command-execute-tokio
Summary : Tokio-based command execution implementation for reqsign
Description :
Tokio-based command execution implementation for reqsign.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 24 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 3.0.0-1
- Update to version 3.0.0; Fixes RHBZ#2432775
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-reqsign-azure-storage-3.0.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-reqsign-azure-storage
Product : Fedora 44
Version : 3.0.0
Release : 1.fc44
URL : https://crates.io/crates/reqsign-azure-storage
Summary : Azure Storage signing implementation for reqsign
Description :
Azure Storage signing implementation for reqsign.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 24 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 3.0.0-1
- Update to version 3.0.0; Fixes RHBZ#2432771
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-reqsign-0.20.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-reqsign
Product : Fedora 44
Version : 0.20.0
Release : 1.fc44
URL : https://crates.io/crates/reqsign
Summary : Signing HTTP requests for popular cloud services
Description :
Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent
and Oracle services.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 24 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.20.0-1
- Update to version 0.20.0; Fixes RHBZ#2432770
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-rustls-native-certs-0.8.3-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-rustls-native-certs
Product : Fedora 44
Version : 0.8.3
Release : 1.fc44
URL : https://crates.io/crates/rustls-native-certs
Summary : Allows rustls to use the platform native certificate store
Description :
Rustls-native-certs allows rustls to use the platform native certificate
store.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 25 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.3-1
- Update to version 0.8.3; Fixes RHBZ#2425819
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-webpki-root-certs-1.0.6-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-webpki-root-certs
Product : Fedora 44
Version : 1.0.6
Release : 1.fc44
URL : https://crates.io/crates/webpki-root-certs
Summary : Mozilla trusted certificate authorities in self-signed X.509 format
Description :
Mozilla trusted certificate authorities in self-signed X.509 format for
use with crates other than webpki.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 25 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.0.6-1
- Initial package (close RHBZ#2451103)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-openssl-probe0.1-0.1.6-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-openssl-probe0.1
Product : Fedora 44
Version : 0.1.6
Release : 1.fc44
URL : https://crates.io/crates/openssl-probe
Summary : Tool for helping to find SSL certificate locations on the system for OpenSSL
Description :
Tool for helping to find SSL certificate locations on the system for
OpenSSL.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 26 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.1.6-1
- Initial compat package
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-reqsign-http-send-reqwest-4.0.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-reqsign-http-send-reqwest
Product : Fedora 44
Version : 4.0.0
Release : 1.fc44
URL : https://crates.io/crates/reqsign-http-send-reqwest
Summary : Reqwest-based HTTP client implementation for reqsign
Description :
Reqwest-based HTTP client implementation for reqsign.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 24 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 4.0.0-1
- Update to version 4.0.0; Fixes RHBZ#2432772
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-reqsign-google-3.0.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-reqsign-google
Product : Fedora 44
Version : 3.0.0
Release : 1.fc44
URL : https://crates.io/crates/reqsign-google
Summary : Google Cloud Platform signing implementation for reqsign
Description :
Google Cloud Platform signing implementation for reqsign.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 24 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 3.0.0-1
- Update to version 3.0.0; Fixes RHBZ#2432773
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-astral-reqwest-retry-0.9.1-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-astral-reqwest-retry
Product : Fedora 44
Version : 0.9.1
Release : 1.fc44
URL : https://crates.io/crates/astral-reqwest-retry
Summary : Retry middleware for reqwest
Description :
Retry middleware for reqwest.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 10 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.1-1
- Update to version 0.9.1; Fixes RHBZ#2437942
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-reqsign-core-3.0.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-reqsign-core
Product : Fedora 44
Version : 3.0.0
Release : 1.fc44
URL : https://crates.io/crates/reqsign-core
Summary : Signing API requests without effort
Description :
Signing API requests without effort.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 24 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 3.0.0-1
- Update to version 3.0.0; Fixes RHBZ#2432769
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-astral-reqwest-middleware-0.5.1-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-astral-reqwest-middleware
Product : Fedora 44
Version : 0.5.1
Release : 1.fc44
URL : https://crates.io/crates/astral-reqwest-middleware
Summary : Wrapper around reqwest to allow for client middleware chains
Description :
Wrapper around reqwest to allow for client middleware chains.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 10 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.1-1
- Update to version 0.5.1; Fixes RHBZ#2437941
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-astral_async_http_range_reader-0.10.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-astral_async_http_range_reader
Product : Fedora 44
Version : 0.10.0
Release : 1.fc44
URL : https://crates.io/crates/astral_async_http_range_reader
Summary : Library for streaming reading of files over HTTP using range requests
Description :
A library for streaming reading of files over HTTP using range requests.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 10 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.0-1
- Update to version 0.10.0; Fixes RHBZ#2437976
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-openssl-probe-0.2.1-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-openssl-probe
Product : Fedora 44
Version : 0.2.1
Release : 1.fc44
URL : https://crates.io/crates/openssl-probe
Summary : Find system-wide root certificate locations based on typical OpenSSL paths
Description :
A library for helping to find system-wide trust anchor ("root")
certificate locations based on paths typically used by `openssl`.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 25 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.2.1-1
- Update to version 0.2.1; Fixes RHBZ#2425802
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-reqsign-aws-v4-3.0.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-reqsign-aws-v4
Product : Fedora 44
Version : 3.0.0
Release : 1.fc44
URL : https://crates.io/crates/reqsign-aws-v4
Summary : AWS SigV4 signing implementation for reqsign
Description :
AWS SigV4 signing implementation for reqsign.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 24 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 3.0.0-1
- Update to version 3.0.0; Fixes RHBZ#2432776
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: python-uv-build-0.11.2-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : python-uv-build
Product : Fedora 44
Version : 0.11.2
Release : 1.fc44
URL : https://pypi.org/project/uv-build
Summary : The uv build backend
Description :

This package is a slimmed down version of uv containing only the build
backend.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 27 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.2-1
- Update to 0.11.2 (close RHBZ#2450541)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-native-tls-0.2.18-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-native-tls
Product : Fedora 44
Version : 0.2.18
Release : 1.fc44
URL : https://crates.io/crates/native-tls
Summary : Wrapper over a platform's native TLS implementation
Description :
A wrapper over a platform's native TLS implementation.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 25 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.2.18-1
- Update to version 0.2.18; Fixes RHBZ#2439752
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-ambient-id-0.0.11-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8b59dcf44
2026-03-28 00:15:26.019955+00:00
--------------------------------------------------------------------------------

Name : rust-ambient-id
Product : Fedora 44
Version : 0.0.11
Release : 1.fc44
URL : https://crates.io/crates/ambient-id
Summary : Detects ambient OIDC credentials in a variety of environments
Description :
Detects ambient OIDC credentials in a variety of environments.

--------------------------------------------------------------------------------
Update Information:

Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the
networking stack used by uv. While its developers think that breakage will be
rare, it is possible that these changes will result in the rejection of
certificates previously trusted by uv so, they have marked the change as
breaking out of an abundance of caution. The changes are largely driven by the
upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included
some breaking changes to TLS certificate verification. This update also includes
updates for several of uv???s Rust library dependencies.
Update rust-openssl-probe to 0.2.1, including breaking changes introduced in
0.2.0, and introduce a new rust-openssl-probe0.1 compat package.
Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2.
Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option,
added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added
support for ALPN on the server side. Version 0.2.18 fixed min/max protocol
selection fallback for very old OpenSSL versions.
Add an initial package for rust-webpki-root-certs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 24 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.11-1
- Update to version 0.0.11; Fixes RHBZ#2436289
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425802
[ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2425819
[ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432768
[ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432769
[ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432770
[ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432771
[ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432772
[ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432773
[ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432774
[ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432775
[ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432776
[ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432777
[ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2432779
[ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436289
[ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437941
[ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437942
[ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437976
[ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2439752
[ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450541
[ 20 ] Bug #2450582 - uv-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2450582
[ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format
https://bugzilla.redhat.com/show_bug.cgi?id=2451103
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: perl-XML-Parser-2.51-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dcb80f8e23
2026-03-28 00:15:26.019937+00:00
--------------------------------------------------------------------------------

Name : perl-XML-Parser
Product : Fedora 44
Version : 2.51
Release : 1.fc44
URL : https://metacpan.org/release/XML-Parser
Summary : Perl module for parsing XML documents
Description :
This module provides ways to parse XML documents. It is built on top
of XML::Parser::Expat, which is a lower level interface to James
Clark's expat library. Each call to one of the parsing methods creates
a new instance of XML::Parser::Expat which is then used to parse the
document. Expat options may be provided when the XML::Parser object is
created. These options are then passed on to the Expat object on each
parse call. They can also be given as extra arguments to the parse
methods, in which case they override options given at XML::Parser
creation time.

--------------------------------------------------------------------------------
Update Information:

2.51 bump - Fix CVE-2006-10002, CVE-2006-10003
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 23 2026 Jitka Plesnikova [jplesnik@redhat.com] - 2.51-1
- 2.51 bump (rhbz#2448965)
- Fix CVE-2006-10002 (rhbz#2449269), CVE-2006-10003 (rhbz#2449278)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448965 - perl-XML-Parser-2.51 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448965
[ 2 ] Bug #2449269 - CVE-2006-10002 perl-XML-Parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449269
[ 3 ] Bug #2449278 - CVE-2006-10003 perl-XML-Parser: XML::Parser: Memory corruption via deeply nested XML files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449278
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dcb80f8e23' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: giflib-6.1.2-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-758ce76ef6
2026-03-28 00:15:26.019929+00:00
--------------------------------------------------------------------------------

Name : giflib
Product : Fedora 44
Version : 6.1.2
Release : 1.fc44
URL : http://www.sourceforge.net/projects/giflib/
Summary : A library and utilities for processing GIFs
Description :
giflib is a library for reading and writing gif images.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2026-23868.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 10 2026 Sandro Mani [manisandro@gmail.com] - 6.1.2-1
- Update to 6.1.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2446289 - CVE-2026-23868 giflib: Giflib: Double-free vulnerability leading to memory corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2446289
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-758ce76ef6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: samtools-1.23.1-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cb321bebb5
2026-03-28 00:15:26.019832+00:00
--------------------------------------------------------------------------------

Name : samtools
Product : Fedora 44
Version : 1.23.1
Release : 1.fc44
URL : http://www.htslib.org/
Summary : Tools for nucleotide sequence alignments in the SAM format
Description :
SAM (Sequence Alignment/Map) is a flexible generic format for storing
nucleotide sequence alignment.
SAM Tools provide various utilities for manipulating alignments in the
SAM format, including sorting, merging, indexing and generating
alignments in a per-position format.

--------------------------------------------------------------------------------
Update Information:

Update to 1.23.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Rasmus Ory Nielsen [ron@ron.dk] - 1.23.1-1
- Updated to 1.23.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448857 - CVE-2026-31972 samtools: SAMtools: Information Disclosure and Denial of Service via use-after-free vulnerability in mpileup command
https://bugzilla.redhat.com/show_bug.cgi?id=2448857
[ 2 ] Bug #2448860 - CVE-2026-31973 samtools: SAMtools: Denial of Service due to NULL pointer dereference in cram-size command
https://bugzilla.redhat.com/show_bug.cgi?id=2448860
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cb321bebb5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: bcftools-1.23.1-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cb321bebb5
2026-03-28 00:15:26.019832+00:00
--------------------------------------------------------------------------------

Name : bcftools
Product : Fedora 44
Version : 1.23.1
Release : 1.fc44
URL : https://www.htslib.org/
Summary : Tools for genomic variant calling and manipulating VCF/BCF files
Description :
BCFtools is a set of utilities that manipulate genomic variant calls in the
Variant Call Format (VCF) and its binary counterpart (BCF). All commands work
transparently with both VCFs and BCFs, both uncompressed and BGZF-compressed.

(This BCFtools includes the polysomy subcommand, which is implemented using
the GNU Scientific Library. Hence this package is licensed according to the
GNU General Public License, rather than the MIT license used when BCFtools
is built without the polysomy subcommand.)

--------------------------------------------------------------------------------
Update Information:

Update to 1.23.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Rasmus Ory Nielsen [ron@ron.dk] - 1.23.1-1
- Updated to 1.23.1
- Removed patch now that issue 2495 is fixed upstream
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448857 - CVE-2026-31972 samtools: SAMtools: Information Disclosure and Denial of Service via use-after-free vulnerability in mpileup command
https://bugzilla.redhat.com/show_bug.cgi?id=2448857
[ 2 ] Bug #2448860 - CVE-2026-31973 samtools: SAMtools: Denial of Service due to NULL pointer dereference in cram-size command
https://bugzilla.redhat.com/show_bug.cgi?id=2448860
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cb321bebb5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: htslib-1.23.1-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cb321bebb5
2026-03-28 00:15:26.019832+00:00
--------------------------------------------------------------------------------

Name : htslib
Product : Fedora 44
Version : 1.23.1
Release : 1.fc44
URL : http://www.htslib.org
Summary : C library for high-throughput sequencing data formats
Description :
HTSlib is an implementation of a unified C library for accessing common file
formats, such as SAM, CRAM and VCF, used for high-throughput sequencing data,
and is the core library used by samtools and bcftools.

--------------------------------------------------------------------------------
Update Information:

Update to 1.23.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Rasmus Ory Nielsen [ron@ron.dk] - 1.23.1-1
- Updated to 1.23.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448857 - CVE-2026-31972 samtools: SAMtools: Information Disclosure and Denial of Service via use-after-free vulnerability in mpileup command
https://bugzilla.redhat.com/show_bug.cgi?id=2448857
[ 2 ] Bug #2448860 - CVE-2026-31973 samtools: SAMtools: Denial of Service due to NULL pointer dereference in cram-size command
https://bugzilla.redhat.com/show_bug.cgi?id=2448860
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cb321bebb5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: mongo-c-driver-1.30.7-2.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-508009213f
2026-03-28 00:15:26.019815+00:00
--------------------------------------------------------------------------------

Name : mongo-c-driver
Product : Fedora 44
Version : 1.30.7
Release : 2.fc44
URL : https://github.com/mongodb/mongo-c-driver
Summary : Client library written in C for MongoDB
Description :
mongo-c-driver is a client library written in C for MongoDB.

--------------------------------------------------------------------------------
Update Information:

Fix handling in HTTP response parser CVE-2026-4359
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Remi Collet [remi@remirepo.net] - 1.30.7-2
- add upstream fix for CVE-2026-4359
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-508009213f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: rubygem-json-2.19.2-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3a7663d43d
2026-03-28 00:15:26.019819+00:00
--------------------------------------------------------------------------------

Name : rubygem-json
Product : Fedora 44
Version : 2.19.2
Release : 1.fc44
URL : https://github.com/flori/json
Summary : A JSON implementation in Ruby
Description :
This is a implementation of the JSON specification according
to RFC 4627 in Ruby.
You can think of it as a low fat alternative to XML,
if you want to store data to disk or transmit it over
a network rather than use a verbose markup language.

--------------------------------------------------------------------------------
Update Information:

New version 2.19.2 is released. This fixes a format string injection
vulnerability in JSON.parse, which is now assigned as CVE-2026-33210
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2026 Mamoru TASAKA [mtasaka@fedoraproject.org] - 2.19.2-1
- 2.19.2
- Fixes CVE-2026-33210
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3a7663d43d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: roundcubemail-1.7~rc5-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9b0f520716
2026-03-28 00:15:26.019784+00:00
--------------------------------------------------------------------------------

Name : roundcubemail
Product : Fedora 44
Version : 1.7~rc5
Release : 1.fc44
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

--------------------------------------------------------------------------------
Update Information:

Version 1.7-rc5
Password: Add nt-binary hashing method (#10096)
Fix URL matching for domain names with port numbers (#10105)
Fix PHP fatal error when using IMAP cache (#10102)
Fix Postgres connection using IPv6 address (#10104)
Fix bug where rel=stylesheet part of a could get removed
Security: Fix pre-auth arbitrary file write via unsafe deserialization in
redis/memcache session handler
Security: Fix bug where a password could get changed without providing the old
password
Security: Fix IMAP Injection + CSRF bypass in mail search
Security: Fix remote image blocking bypass via various SVG animate attributes
Security: Fix remote image blocking bypass via a crafted body background
attribute
Security: Fix fixed position mitigation bypass via use of !important
Security: Fix XSS issue in a HTML attachment preview
Security: Fix SSRF + Information Disclosure via stylesheet links to a local
network hosts
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2026 Remi Collet [remi@remirepo.net] - 1.7~rc5-1
- update to 1.7-rc5
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9b0f520716' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: suricata-8.0.4-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-45a7e37b8a
2026-03-28 00:15:26.019776+00:00
--------------------------------------------------------------------------------

Name : suricata
Product : Fedora 44
Version : 8.0.4
Release : 1.fc44
URL : https://suricata.io/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

--------------------------------------------------------------------------------
Update Information:

Upstream security/bugfix release.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2026 Jason Taylor [jtfas90@proton.me] 8.0.4-1
- Upstream security/bugfix release
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-45a7e37b8a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: uv-0.10.12-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e22a7dbf2d
2026-03-28 00:15:26.019772+00:00
--------------------------------------------------------------------------------

Name : uv
Product : Fedora 44
Version : 0.10.12
Release : 1.fc44
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package and project manager, written in Rust.

Highlights:

??? A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twine,
virtualenv, and more.
??? 10-100x faster than pip.
??? Provides comprehensive project management, with a universal lockfile.
??? Runs scripts, with support for inline dependency metadata.
??? Installs and manages Python versions.
??? Runs and installs tools published as Python packages.
??? Includes a pip-compatible interface for a performance boost with a familiar
CLI.
??? Supports Cargo-style workspaces for scalable projects.
??? Disk-space efficient, with a global cache for dependency deduplication.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.12-1
- Update to 0.10.12 (close RHBZ#2449243)
* Tue Mar 17 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.11-1
- Update to 0.10.11 (close RHBZ#2448300)
* Sun Mar 15 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.10-1
- Update to 0.10.10 (close RHBZ#2447540)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 6 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 7 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 8 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 9 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e22a7dbf2d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: rust-nix-0.31.2-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e22a7dbf2d
2026-03-28 00:15:26.019772+00:00
--------------------------------------------------------------------------------

Name : rust-nix
Product : Fedora 44
Version : 0.31.2
Release : 1.fc44
URL : https://crates.io/crates/nix
Summary : Rust friendly bindings to *nix APIs
Description :
Rust friendly bindings to *nix APIs.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 17 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.31.2-1
- Update to verison 0.31.2; Fixes RHBZ#2443509
* Thu Feb 12 2026 Fabio Valentini [decathorpe@gmail.com] - 0.31.1-2
- Skip one additional test that fails on RHEL 9
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 6 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 7 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 8 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 9 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e22a7dbf2d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: rust-astral-tokio-tar-0.6.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e22a7dbf2d
2026-03-28 00:15:26.019772+00:00
--------------------------------------------------------------------------------

Name : rust-astral-tokio-tar
Product : Fedora 44
Version : 0.6.0
Release : 1.fc44
URL : https://crates.io/crates/astral-tokio-tar
Summary : Rust implementation of an async TAR file reader and writer
Description :
A Rust implementation of an async TAR file reader and writer. This
library does not currently handle compression, but it is abstract over
all I/O readers and writers. Additionally, great lengths are taken to
ensure that the entire contents are never required to be entirely
resident in memory all at once.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 16 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.0-1
- Update to version 0.6.0; Fixes RHBZ#2448054
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 6 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 7 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 8 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 9 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e22a7dbf2d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: python-fastar-0.9.0-2.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e22a7dbf2d
2026-03-28 00:15:26.019772+00:00
--------------------------------------------------------------------------------

Name : python-fastar
Product : Fedora 44
Version : 0.9.0
Release : 2.fc44
URL : https://github.com/DoctorJohn/fastar
Summary : High-level bindings for the Rust tar crate
Description :
The fastar library wraps the Rust tar, flate2, and zstd crates, providing a
high-performance way to work with compressed and uncompressed tar archives in
Python.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 21 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.0-2
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
* Fri Mar 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.0-1
- Update to 0.9.0 (close RHBZ#2449645)
* Fri Mar 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.0-3
- Allow PyO3 0.28
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 6 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 7 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 8 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 9 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e22a7dbf2d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: rust-tar-0.4.45-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e22a7dbf2d
2026-03-28 00:15:26.019772+00:00
--------------------------------------------------------------------------------

Name : rust-tar
Product : Fedora 44
Version : 0.4.45
Release : 1.fc44
URL : https://crates.io/crates/tar
Summary : Rust implementation of a TAR file reader and writer
Description :
A Rust implementation of a TAR file reader and writer. This library does
not currently handle compression, but it is abstract over all I/O
readers and writers. Additionally, great lengths are taken to ensure
that the entire contents are never required to be entirely resident in
memory all at once.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.4.45-1
- Update to version 0.4.45; Fixes RHBZ#2449274
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 6 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 7 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 8 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 9 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e22a7dbf2d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: python-uv-build-0.10.12-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e22a7dbf2d
2026-03-28 00:15:26.019772+00:00
--------------------------------------------------------------------------------

Name : python-uv-build
Product : Fedora 44
Version : 0.10.12
Release : 1.fc44
URL : https://pypi.org/project/uv-build
Summary : The uv build backend
Description :

This package is a slimmed down version of uv containing only the build
backend.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.12-1
- Update to 0.10.12 (close RHBZ#2449338)
* Tue Mar 17 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.11-1
- Update to 0.10.11 (close RHBZ#2448298)
* Sun Mar 15 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.10-1
- Update to 0.10.10 (close RHBZ#2447539)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 6 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 7 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 8 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 9 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e22a7dbf2d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: maturin-1.9.6-5.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e22a7dbf2d
2026-03-28 00:15:26.019772+00:00
--------------------------------------------------------------------------------

Name : maturin
Product : Fedora 44
Version : 1.9.6
Release : 5.fc44
URL : https://github.com/PyO3/maturin
Summary : Build and publish Rust crates as Python packages
Description :
Build and publish crates with pyo3, rust-cpython and cffi bindings as
well as rust binaries as python packages.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 21 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.9.6-5
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 6 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 7 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 8 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 9 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e22a7dbf2d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

Libvpx, Strongswan, BIND updates for Debian

Opencryptoki, Nginx, Kernel, and more updates for Rocky Linux

[SECURITY] Fedora 42 Update: chromium-146.0.7680.164-1.fc42

[SECURITY] Fedora 42 Update: php-phpseclib-2.0.52-1.fc42

[SECURITY] Fedora 42 Update: dotnet9.0-9.0.115-1.fc42

[SECURITY] Fedora 42 Update: samtools-1.23.1-1.fc42

[SECURITY] Fedora 42 Update: htslib-1.23.1-1.fc42

[SECURITY] Fedora 42 Update: bcftools-1.23.1-1.fc42

[SECURITY] Fedora 42 Update: roundcubemail-1.6.14-1.fc42

[SECURITY] Fedora 42 Update: mongo-c-driver-1.30.7-2.fc42

[SECURITY] Fedora 42 Update: dotnet8.0-8.0.125-1.fc42

[SECURITY] Fedora 42 Update: dotnet10.0-10.0.104-1.fc42

[SECURITY] Fedora 43 Update: python3.12-3.12.13-2.fc43

[SECURITY] Fedora 43 Update: perl-XML-Parser-2.51-1.fc43

[SECURITY] Fedora 43 Update: samtools-1.23.1-1.fc43

[SECURITY] Fedora 43 Update: htslib-1.23.1-1.fc43

[SECURITY] Fedora 43 Update: bcftools-1.23.1-1.fc43

[SECURITY] Fedora 43 Update: mongo-c-driver-1.30.7-2.fc43

[SECURITY] Fedora 43 Update: php-phpseclib-2.0.52-1.fc43

[SECURITY] Fedora 43 Update: python-uv-build-0.10.12-1.fc43

[SECURITY] Fedora 43 Update: roundcubemail-1.6.14-1.fc43

[SECURITY] Fedora 43 Update: rust-tar-0.4.45-1.fc43

[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.6.0-1.fc43

[SECURITY] Fedora 43 Update: suricata-7.0.15-1.fc43

[SECURITY] Fedora 43 Update: python-fastar-0.9.0-2.fc43

[SECURITY] Fedora 43 Update: uv-0.10.12-1.fc43

[SECURITY] Fedora 43 Update: rust-nix-0.31.2-1.fc43

[SECURITY] Fedora 43 Update: maturin-1.9.6-5.fc43

[SECURITY] Fedora 44 Update: uv-0.11.2-1.fc44

[SECURITY] Fedora 44 Update: rust-reqsign-tencent-cos-3.0.0-1.fc44

[SECURITY] Fedora 44 Update: rust-reqsign-huaweicloud-obs-3.0.0-1.fc44

[SECURITY] Fedora 44 Update: rust-reqsign-file-read-tokio-3.0.0-1.fc44

[SECURITY] Fedora 44 Update: rust-reqsign-aliyun-oss-3.0.0-1.fc44

[SECURITY] Fedora 44 Update: rust-reqsign-command-execute-tokio-3.0.0-1.fc44

[SECURITY] Fedora 44 Update: rust-reqsign-azure-storage-3.0.0-1.fc44

[SECURITY] Fedora 44 Update: rust-reqsign-0.20.0-1.fc44

[SECURITY] Fedora 44 Update: rust-rustls-native-certs-0.8.3-1.fc44

[SECURITY] Fedora 44 Update: rust-webpki-root-certs-1.0.6-1.fc44

[SECURITY] Fedora 44 Update: rust-openssl-probe0.1-0.1.6-1.fc44

[SECURITY] Fedora 44 Update: rust-reqsign-http-send-reqwest-4.0.0-1.fc44

[SECURITY] Fedora 44 Update: rust-reqsign-google-3.0.0-1.fc44

[SECURITY] Fedora 44 Update: rust-astral-reqwest-retry-0.9.1-1.fc44

[SECURITY] Fedora 44 Update: rust-reqsign-core-3.0.0-1.fc44

[SECURITY] Fedora 44 Update: rust-astral-reqwest-middleware-0.5.1-1.fc44

[SECURITY] Fedora 44 Update: rust-astral_async_http_range_reader-0.10.0-1.fc44

[SECURITY] Fedora 44 Update: rust-openssl-probe-0.2.1-1.fc44

[SECURITY] Fedora 44 Update: rust-reqsign-aws-v4-3.0.0-1.fc44

[SECURITY] Fedora 44 Update: python-uv-build-0.11.2-1.fc44

[SECURITY] Fedora 44 Update: rust-native-tls-0.2.18-1.fc44

[SECURITY] Fedora 44 Update: rust-ambient-id-0.0.11-1.fc44

[SECURITY] Fedora 44 Update: perl-XML-Parser-2.51-1.fc44

[SECURITY] Fedora 44 Update: giflib-6.1.2-1.fc44

[SECURITY] Fedora 44 Update: samtools-1.23.1-1.fc44

[SECURITY] Fedora 44 Update: bcftools-1.23.1-1.fc44

[SECURITY] Fedora 44 Update: htslib-1.23.1-1.fc44

[SECURITY] Fedora 44 Update: mongo-c-driver-1.30.7-2.fc44

[SECURITY] Fedora 44 Update: rubygem-json-2.19.2-1.fc44

[SECURITY] Fedora 44 Update: roundcubemail-1.7~rc5-1.fc44

[SECURITY] Fedora 44 Update: suricata-8.0.4-1.fc44

[SECURITY] Fedora 44 Update: uv-0.10.12-1.fc44

[SECURITY] Fedora 44 Update: rust-nix-0.31.2-1.fc44

[SECURITY] Fedora 44 Update: rust-astral-tokio-tar-0.6.0-1.fc44

[SECURITY] Fedora 44 Update: python-fastar-0.9.0-2.fc44

[SECURITY] Fedora 44 Update: rust-tar-0.4.45-1.fc44

[SECURITY] Fedora 44 Update: python-uv-build-0.10.12-1.fc44

[SECURITY] Fedora 44 Update: maturin-1.9.6-5.fc44

Windows

Linux

macOS

Community