Fedora 43 Update: python-pillow-jxl-plugin-1.3.7-2.fc43
Fedora 43 Update: betterleaks-1.6.0-1.fc43
Fedora 43 Update: python-cramjam-2.11.0-12.fc43
Fedora 43 Update: python-rignore-0.7.6-7.fc43
Fedora 43 Update: python-fastar-0.11.0-7.fc43
Fedora 43 Update: perl-JavaScript-Minifier-XS-0.16-1.fc43
Fedora 43 Update: tor-0.4.9.11-1.fc43
Fedora 43 Update: perl-IO-Compress-2.221-1.fc43
Fedora 43 Update: perl-Compress-Raw-Bzip2-2.218-1.fc43
Fedora 44 Update: docker-compose-5.3.0-1.fc44
Fedora 44 Update: helm-4.2.2-1.fc44
Fedora 44 Update: betterleaks-1.6.0-1.fc44
Fedora 44 Update: python-pillow-jxl-plugin-1.3.7-2.fc44
Fedora 44 Update: python-cramjam-2.11.0-12.fc44
Fedora 44 Update: python-rignore-0.7.6-7.fc44
Fedora 44 Update: python-fastar-0.11.0-7.fc44
Fedora 44 Update: perl-JavaScript-Minifier-XS-0.16-1.fc44
Fedora 44 Update: tor-0.4.9.11-1.fc44
[SECURITY] Fedora 43 Update: python-pillow-jxl-plugin-1.3.7-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-75b3256794
2026-07-08 01:09:58.800732+00:00
--------------------------------------------------------------------------------
Name : python-pillow-jxl-plugin
Product : Fedora 43
Version : 1.3.7
Release : 2.fc43
URL : https://github.com/Isotr0py/pillow-jpegxl-plugin
Summary : Pillow plugin for JPEG-XL
Description :
Pillow plugin for JPEG-XL, using Rust for bindings.
--------------------------------------------------------------------------------
Update Information:
Update to 1.3.7, and update PyO3 to 0.29, with fixes for RUSTSEC-2026-0176 and
RUSTSEC-2026-0177.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 29 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.3.7-2
- Update PyO3 to 0.29
* Mon Jun 29 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.3.7-1
- Update to version 1.3.7; Fixes RHBZ#2403496
* Mon Jun 29 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.3.6-1
- Update to 1.3.6
* Mon Jun 29 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.3.5-1
- Update to 1.3.5
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-75b3256794' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: betterleaks-1.6.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-97d351d54e
2026-07-08 01:09:58.800725+00:00
--------------------------------------------------------------------------------
Name : betterleaks
Product : Fedora 43
Version : 1.6.0
Release : 1.fc43
URL : https://github.com/betterleaks/betterleaks
Summary : Secrets scanner built for configurability and speed
Description :
A Better Secrets Scanner built for configurability and speed.
--------------------------------------------------------------------------------
Update Information:
Update to 1.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 26 2026 Packit [hello@packit.dev] - 1.6.0-1
- Update to 1.6.0 upstream release
- Resolves: rhbz#2493577
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2494283 - CVE-2026-27145 betterleaks: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494283
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-97d351d54e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python-cramjam-2.11.0-12.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-07ef57edc0
2026-07-08 01:09:58.800719+00:00
--------------------------------------------------------------------------------
Name : python-cramjam
Product : Fedora 43
Version : 2.11.0
Release : 12.fc43
URL : https://github.com/milesgranger/cramjam
Summary : Thin Python bindings to de/compression algorithms in Rust
Description :
Thin Python bindings to de/compression algorithms in Rust.
--------------------------------------------------------------------------------
Update Information:
Update to PyO3 0.29, with fixes for RUSTSEC-2026-0176 and RUSTSEC-2026-0177.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-07ef57edc0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python-rignore-0.7.6-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8a19b048cc
2026-07-08 01:09:58.800702+00:00
--------------------------------------------------------------------------------
Name : python-rignore
Product : Fedora 43
Version : 0.7.6
Release : 7.fc43
URL : https://github.com/patrick91/rignore
Summary : Python bindings for the ignore crate
Description :
rignore is a Python module that provides a high-performance, Rust-powered file
system traversal functionality. It wraps the Rust ignore crate using PyO3,
offering an efficient way to walk through directories while respecting various
ignore rules.
--------------------------------------------------------------------------------
Update Information:
Update to PyO3 0.29, with fixes for RUSTSEC-2026-0176 and RUSTSEC-2026-0177.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.6-7
- Update PyO3 to 0.29
* Thu Jun 4 2026 Python Maint - 0.7.6-6
- Rebuilt for Python 3.15
* Fri May 15 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.6-5
- Use long pyproject options
* Thu May 7 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.6-3
- Use %pyproject_patch_dependency in lieu of tomcli
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.7.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8a19b048cc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python-fastar-0.11.0-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0f558e63db
2026-07-08 01:09:58.800699+00:00
--------------------------------------------------------------------------------
Name : python-fastar
Product : Fedora 43
Version : 0.11.0
Release : 7.fc43
URL : https://github.com/DoctorJohn/fastar
Summary : High-level bindings for the Rust tar crate
Description :
The fastar library wraps the Rust tar, flate2, and zstd crates, providing a
high-performance way to work with compressed and uncompressed tar archives in
Python.
--------------------------------------------------------------------------------
Update Information:
Update to PyO3 0.29, with fixes for RUSTSEC-2026-0176 and RUSTSEC-2026-0177.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.0-7
- Update to PyO3 0.29
* Wed Jun 3 2026 Python Maint - 0.11.0-6
- Rebuilt for Python 3.15
* Sat May 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.0-5
- Use long pytest options
* Mon May 11 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.0-4
- Use pyproject long options
* Thu May 7 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.0-2
- Drop unused tomcli BuildRequires
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0f558e63db' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: perl-JavaScript-Minifier-XS-0.16-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-629b796808
2026-07-08 01:09:58.800689+00:00
--------------------------------------------------------------------------------
Name : perl-JavaScript-Minifier-XS
Product : Fedora 43
Version : 0.16
Release : 1.fc43
URL : https://metacpan.org/release/JavaScript-Minifier-XS
Summary : XS based JavaScript minifier
Description :
JavaScript::Minifier::XS is a JavaScript "minifier"; it's designed
to remove unnecessary white space and comments from JavaScript
files without breaking the JavaScript.
--------------------------------------------------------------------------------
Update Information:
0.16 bump - Fix CVE-2026-56017 and CVE-2026-56018
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 29 2026 Jitka Plesnikova [jplesnik@redhat.com] - 0.16-1
- 0.16 bump (rhbz#2494051) - Fix CVE-2026-56017 and CVE-2026-56018
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2494051 - perl-JavaScript-Minifier-XS-0.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2494051
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-629b796808' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: tor-0.4.9.11-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-aa3e7e6d5b
2026-07-08 01:09:58.800676+00:00
--------------------------------------------------------------------------------
Name : tor
Product : Fedora 43
Version : 0.4.9.11
Release : 1.fc43
URL : https://www.torproject.org
Summary : Anonymizing overlay network for TCP
Description :
The Tor network is a group of volunteer-operated servers that allows people to
improve their privacy and security on the Internet. Tor's users employ this
network by connecting through a series of virtual tunnels rather than making a
direct connection, thus allowing both organizations and individuals to share
information over public networks without compromising their privacy. Along the
same line, Tor is an effective censorship circumvention tool, allowing its
users to reach otherwise blocked destinations or content. Tor can also be used
as a building block for software developers to create new communication tools
with built-in privacy features.
This package contains the Tor software that can act as either a server on the
Tor network, or as a client to connect to the Tor network.
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release https://forum.torproject.org/t/security-
release-0-4-9-11/21786 bz#2483769
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 28 2026 Marcel H??rry - 0.4.9.11-1
- Update to latest upstream release https://forum.torproject.org/t/security-release-0-4-9-11/21786 bz#2483769
* Fri Jun 12 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 0.4.9.8-2
- Rebuilt for openssl 4.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2483769 - tor-0.4.9.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2483769
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-aa3e7e6d5b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: perl-IO-Compress-2.221-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fb1f15ce04
2026-07-08 01:09:58.800663+00:00
--------------------------------------------------------------------------------
Name : perl-IO-Compress
Product : Fedora 43
Version : 2.221
Release : 1.fc43
URL : https://metacpan.org/release/IO-Compress
Summary : Read and write compressed data
Description :
This distribution provides a Perl interface to allow reading and writing of
compressed data created with the zlib and bzip2 libraries.
IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951,
RFC 1952 (i.e. gzip) and zip files/buffers.
The following modules used to be distributed separately, but are now
included with the IO-Compress distribution:
* Compress-Zlib
* IO-Compress-Zlib
* IO-Compress-Bzip2
* IO-Compress-Base
--------------------------------------------------------------------------------
Update Information:
perl-Compress-Taw-Bzip2 - Updated to 2.218
perl-IO-Compress - Updated to 2.221 - Fix CVE-2025-15649, CVE-2026-48959,
CVE-2026-48961, CVE-2026-48962
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 22 2026 Jitka Plesnikova [jplesnik@redhat.com] - 2.221-1
- 2.221 bump (rhbz#2489325)
Fixed CVE-2025-15649, CVE-2026-48961, CVE-2026-48962, CVE-2026-48959
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2445591 - perl-Compress-Raw-Bzip2-2.218 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2445591
[ 2 ] Bug #2483254 - CVE-2026-48962 perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483254
[ 3 ] Bug #2489171 - CVE-2025-15649 perl-IO-Compress: perl-IO-Compress: Denial of Service via malformed DOS date in zip header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489171
[ 4 ] Bug #2489766 - CVE-2026-48961 perl-IO-Compress: IO::Compress: Denial of Service in zipdetails CLI tool via malformed Info-ZIP Unix Extra Field [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489766
[ 5 ] Bug #2489781 - CVE-2026-48959 perl-IO-Compress: perl-IO-Compress: CPU exhaustion via per-byte read loop in fastForward [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489781
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fb1f15ce04' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: perl-Compress-Raw-Bzip2-2.218-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fb1f15ce04
2026-07-08 01:09:58.800663+00:00
--------------------------------------------------------------------------------
Name : perl-Compress-Raw-Bzip2
Product : Fedora 43
Version : 2.218
Release : 1.fc43
URL : https://metacpan.org/release/Compress-Raw-Bzip2
Summary : Low-level interface to bzip2 compression library
Description :
This module provides a Perl interface to the bzip2 compression library.
It is used by IO::Compress::Bzip2.
--------------------------------------------------------------------------------
Update Information:
perl-Compress-Taw-Bzip2 - Updated to 2.218
perl-IO-Compress - Updated to 2.221 - Fix CVE-2025-15649, CVE-2026-48959,
CVE-2026-48961, CVE-2026-48962
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 9 2026 Paul Howarth - 2.218-1
- 2.218 bump (rhbz#2445591)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2445591 - perl-Compress-Raw-Bzip2-2.218 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2445591
[ 2 ] Bug #2483254 - CVE-2026-48962 perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483254
[ 3 ] Bug #2489171 - CVE-2025-15649 perl-IO-Compress: perl-IO-Compress: Denial of Service via malformed DOS date in zip header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489171
[ 4 ] Bug #2489766 - CVE-2026-48961 perl-IO-Compress: IO::Compress: Denial of Service in zipdetails CLI tool via malformed Info-ZIP Unix Extra Field [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489766
[ 5 ] Bug #2489781 - CVE-2026-48959 perl-IO-Compress: perl-IO-Compress: CPU exhaustion via per-byte read loop in fastForward [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489781
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fb1f15ce04' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: docker-compose-5.3.0-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5584d573ed
2026-07-08 00:57:00.088495+00:00
--------------------------------------------------------------------------------
Name : docker-compose
Product : Fedora 44
Version : 5.3.0
Release : 1.fc44
URL : https://github.com/docker/compose
Summary : Define and run multi-container applications with Docker
Description :
Define and run multi-container applications with Docker.
--------------------------------------------------------------------------------
Update Information:
Update to release v5.3.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 2 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 5.3.0-1
- Update to release v5.3.0
- Resolves: rhbz#2496535
- Resolves CVE-2026-53492: rhbz#2496550
- Resolves CVE-2026-47262: rhbz#2496433
- Upstream note: This release introduces native support for init
containers.
- Additional upstream fixes and new features
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2496535 - docker-compose-5.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2496535
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5584d573ed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: helm-4.2.2-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5b642da12e
2026-07-08 00:57:00.088478+00:00
--------------------------------------------------------------------------------
Name : helm
Product : Fedora 44
Version : 4.2.2
Release : 1.fc44
URL : https://github.com/helm/helm
Summary : The Kubernetes Package Manager
Description :
Helm is a tool for managing Charts. Charts are packages of pre-configured
Kubernetes resources.
Use Helm to:
- Find and use popular software packaged as Helm Charts to run in Kubernetes
- Share your own applications as Helm Charts
- Create reproducible builds of your Kubernetes applications
- Intelligently manage your Kubernetes manifest files
- Manage releases of Helm packages.
--------------------------------------------------------------------------------
Update Information:
Update to 4.2.2
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 29 2026 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 4.2.2-1
- Update to 4.2.2 - Closes rhbz#2488246
* Thu May 14 2026 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 4.2.0-1
- Update to 4.2.0 - Closes rhbz#2446841
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2457445 - CVE-2026-35204 helm: Helm: Arbitrary file write via specially crafted plugin [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457445
[ 2 ] Bug #2457446 - CVE-2026-35205 helm: Helm: Arbitrary code execution due to insufficient plugin provenance verification [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457446
[ 3 ] Bug #2486237 - CVE-2026-45287 helm: OpenTelemetry-Go: Denial of Service due to file descriptor leak [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486237
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5b642da12e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: betterleaks-1.6.0-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6f573784e6
2026-07-08 00:57:00.088470+00:00
--------------------------------------------------------------------------------
Name : betterleaks
Product : Fedora 44
Version : 1.6.0
Release : 1.fc44
URL : https://github.com/betterleaks/betterleaks
Summary : Secrets scanner built for configurability and speed
Description :
A Better Secrets Scanner built for configurability and speed.
--------------------------------------------------------------------------------
Update Information:
Update to 1.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 26 2026 Packit [hello@packit.dev] - 1.6.0-1
- Update to 1.6.0 upstream release
- Resolves: rhbz#2493577
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2494283 - CVE-2026-27145 betterleaks: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494283
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6f573784e6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: python-pillow-jxl-plugin-1.3.7-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8c2e409ea5
2026-07-08 00:57:00.088460+00:00
--------------------------------------------------------------------------------
Name : python-pillow-jxl-plugin
Product : Fedora 44
Version : 1.3.7
Release : 2.fc44
URL : https://github.com/Isotr0py/pillow-jpegxl-plugin
Summary : Pillow plugin for JPEG-XL
Description :
Pillow plugin for JPEG-XL, using Rust for bindings.
--------------------------------------------------------------------------------
Update Information:
Update to 1.3.7, and update PyO3 to 0.29, with fixes for RUSTSEC-2026-0176 and
RUSTSEC-2026-0177.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.3.7-2
- Update PyO3 to 0.29
* Sat Jun 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.3.7-1
- Update to version 1.3.7; Fixes RHBZ#2403496
* Sat Jun 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.3.6-1
- Update to 1.3.6
* Sat Jun 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.3.5-1
- Update to 1.3.5
* Wed Jun 3 2026 Python Maint - 1.3.4-6
- Rebuilt for Python 3.15
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8c2e409ea5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: python-cramjam-2.11.0-12.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ed6d2b806a
2026-07-08 00:57:00.088463+00:00
--------------------------------------------------------------------------------
Name : python-cramjam
Product : Fedora 44
Version : 2.11.0
Release : 12.fc44
URL : https://github.com/milesgranger/cramjam
Summary : Thin Python bindings to de/compression algorithms in Rust
Description :
Thin Python bindings to de/compression algorithms in Rust.
--------------------------------------------------------------------------------
Update Information:
Update to PyO3 0.29, with fixes for RUSTSEC-2026-0176 and RUSTSEC-2026-0177.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ed6d2b806a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: python-rignore-0.7.6-7.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b77adbb5ea
2026-07-08 00:57:00.088453+00:00
--------------------------------------------------------------------------------
Name : python-rignore
Product : Fedora 44
Version : 0.7.6
Release : 7.fc44
URL : https://github.com/patrick91/rignore
Summary : Python bindings for the ignore crate
Description :
rignore is a Python module that provides a high-performance, Rust-powered file
system traversal functionality. It wraps the Rust ignore crate using PyO3,
offering an efficient way to walk through directories while respecting various
ignore rules.
--------------------------------------------------------------------------------
Update Information:
Update to PyO3 0.29, with fixes for RUSTSEC-2026-0176 and RUSTSEC-2026-0177.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.6-7
- Update PyO3 to 0.29
* Thu Jun 4 2026 Python Maint - 0.7.6-6
- Rebuilt for Python 3.15
* Fri May 15 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.6-5
- Use long pyproject options
* Thu May 7 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.6-3
- Use %pyproject_patch_dependency in lieu of tomcli
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b77adbb5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: python-fastar-0.11.0-7.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b1bcd1a48c
2026-07-08 00:57:00.088451+00:00
--------------------------------------------------------------------------------
Name : python-fastar
Product : Fedora 44
Version : 0.11.0
Release : 7.fc44
URL : https://github.com/DoctorJohn/fastar
Summary : High-level bindings for the Rust tar crate
Description :
The fastar library wraps the Rust tar, flate2, and zstd crates, providing a
high-performance way to work with compressed and uncompressed tar archives in
Python.
--------------------------------------------------------------------------------
Update Information:
Update to PyO3 0.29, with fixes for RUSTSEC-2026-0176 and RUSTSEC-2026-0177.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.0-7
- Update to PyO3 0.29
* Wed Jun 3 2026 Python Maint - 0.11.0-6
- Rebuilt for Python 3.15
* Sat May 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.0-5
- Use long pytest options
* Mon May 11 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.0-4
- Use pyproject long options
* Thu May 7 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.0-2
- Drop unused tomcli BuildRequires
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b1bcd1a48c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: perl-JavaScript-Minifier-XS-0.16-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-634b594205
2026-07-08 00:57:00.088446+00:00
--------------------------------------------------------------------------------
Name : perl-JavaScript-Minifier-XS
Product : Fedora 44
Version : 0.16
Release : 1.fc44
URL : https://metacpan.org/release/JavaScript-Minifier-XS
Summary : XS based JavaScript minifier
Description :
JavaScript::Minifier::XS is a JavaScript "minifier"; it's designed
to remove unnecessary white space and comments from JavaScript
files without breaking the JavaScript.
--------------------------------------------------------------------------------
Update Information:
0.16 bump - Fix CVE-2026-56017 and CVE-2026-56018
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 29 2026 Jitka Plesnikova [jplesnik@redhat.com] - 0.16-1
- 0.16 bump (rhbz#2494051) - Fix CVE-2026-56017 and CVE-2026-56018
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2494051 - perl-JavaScript-Minifier-XS-0.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2494051
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-634b594205' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: tor-0.4.9.11-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-309b0bc463
2026-07-08 00:57:00.088426+00:00
--------------------------------------------------------------------------------
Name : tor
Product : Fedora 44
Version : 0.4.9.11
Release : 1.fc44
URL : https://www.torproject.org
Summary : Anonymizing overlay network for TCP
Description :
The Tor network is a group of volunteer-operated servers that allows people to
improve their privacy and security on the Internet. Tor's users employ this
network by connecting through a series of virtual tunnels rather than making a
direct connection, thus allowing both organizations and individuals to share
information over public networks without compromising their privacy. Along the
same line, Tor is an effective censorship circumvention tool, allowing its
users to reach otherwise blocked destinations or content. Tor can also be used
as a building block for software developers to create new communication tools
with built-in privacy features.
This package contains the Tor software that can act as either a server on the
Tor network, or as a client to connect to the Tor network.
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release https://forum.torproject.org/t/security-
release-0-4-9-11/21786 bz#2483769
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 28 2026 Marcel H??rry - 0.4.9.11-1
- Update to latest upstream release https://forum.torproject.org/t/security-release-0-4-9-11/21786 bz#2483769
* Fri Jun 12 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 0.4.9.8-2
- Rebuilt for openssl 4.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2483769 - tor-0.4.9.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2483769
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-309b0bc463' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------