Fedora 42 Update: mingw-exiv2-0.28.7-1.fc42
Fedora 42 Update: inih-62-1.fc42
Fedora 42 Update: rust-prometheus_exporter-0.8.5-5.fc42
Fedora 42 Update: rust-maxminddb-0.26.0-1.fc42
Fedora 42 Update: rust-protobuf-parse-3.7.2-1.fc42
Fedora 42 Update: rust-protobuf-support-3.7.2-1.fc42
Fedora 42 Update: rust-prometheus-0.14.0-1.fc42
Fedora 42 Update: rust-protobuf-3.7.2-1.fc42
Fedora 42 Update: rust-protobuf-codegen-3.7.2-1.fc42
Fedora 42 Update: rust-monitord-exporter-0.4.1-6.fc42
Fedora 42 Update: mirrorlist-server-3.0.8-1.fc42
Fedora 43 Update: rust-protobuf-codegen-3.7.2-1.fc43
Fedora 43 Update: rust-protobuf-support-3.7.2-1.fc43
Fedora 43 Update: rust-protobuf-3.7.2-1.fc43
Fedora 43 Update: rust-protobuf-parse-3.7.2-1.fc43
Fedora 43 Update: rust-monitord-exporter-0.4.1-6.fc43
Fedora 43 Update: rust-prometheus_exporter-0.8.5-5.fc43
Fedora 43 Update: rust-prometheus-0.14.0-1.fc43
Fedora 43 Update: rust-maxminddb-0.26.0-1.fc43
Fedora 43 Update: mirrorlist-server-3.0.8-1.fc43
[SECURITY] Fedora 42 Update: mingw-exiv2-0.28.7-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-99df814c62
2025-10-15 01:00:23.850379+00:00
--------------------------------------------------------------------------------
Name : mingw-exiv2
Product : Fedora 42
Version : 0.28.7
Release : 1.fc42
URL : http://www.exiv2.org/
Summary : MinGW Windows exiv2 library
Description :
MinGW Windows exiv2 library.
--------------------------------------------------------------------------------
Update Information:
Update to exiv2-0.28.7, fixes CVE-2025-54080 and CVE-2025-55304.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 2 2025 Sandro Mani [manisandro@gmail.com] - 0.28.7-1
- Update to 0.28.7
* Fri Aug 29 2025 Sandro Mani [manisandro@gmail.com] - 0.28.6-1
- Update to 0.28.6
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.28.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Mar 23 2025 Sandro Mani [manisandro@gmail.com] - 0.28.5-1
- Update to 0.28.5
* Sat Mar 22 2025 Sandro Mani [manisandro@gmail.com] - 0.27.7-3
- Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2391818 - CVE-2025-54080 mingw-exiv2: Exiv2 Segmentation Faults [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391818
[ 2 ] Bug #2391840 - CVE-2025-55304 mingw-exiv2: Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391840
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-99df814c62' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: inih-62-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-99df814c62
2025-10-15 01:00:23.850379+00:00
--------------------------------------------------------------------------------
Name : inih
Product : Fedora 42
Version : 62
Release : 1.fc42
URL : https://github.com/benhoyt/inih
Summary : Simple INI file parser library
Description :
The inih package provides simple INI file parser which is only a couple of
pages of code, and it was designed to be small and simple, so it's good for
embedded systems.
--------------------------------------------------------------------------------
Update Information:
Update to exiv2-0.28.7, fixes CVE-2025-54080 and CVE-2025-55304.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 14 2025 Sandro Mani [manisandro@gmail.com] - 62-1
- Update to 62
* Sun Jul 27 2025 Sandro Mani [manisandro@gmail.com] - 61-1
- Update to 61
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 60-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Apr 15 2025 Sandro Mani [manisandro@gmail.com] - 60-1
- Update to 60
* Fri Apr 4 2025 Sandro Mani [manisandro@gmail.com] - 59-1
- Update to 59
* Sat Mar 22 2025 Sandro Mani [manisandro@gmail.com] - 58-4
- Add mingw packages
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2391818 - CVE-2025-54080 mingw-exiv2: Exiv2 Segmentation Faults [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391818
[ 2 ] Bug #2391840 - CVE-2025-55304 mingw-exiv2: Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391840
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-99df814c62' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-prometheus_exporter-0.8.5-5.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac08db27d
2025-10-15 01:00:23.850307+00:00
--------------------------------------------------------------------------------
Name : rust-prometheus_exporter
Product : Fedora 42
Version : 0.8.5
Release : 5.fc42
URL : https://crates.io/crates/prometheus_exporter
Summary : Helper libary to export prometheus metrics using tiny-http
Description :
Helper libary to export prometheus metrics using tiny-http.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 0.8.5-5
- Bump prometheus dependency to 0.14
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.8.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac08db27d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-maxminddb-0.26.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac08db27d
2025-10-15 01:00:23.850307+00:00
--------------------------------------------------------------------------------
Name : rust-maxminddb
Product : Fedora 42
Version : 0.26.0
Release : 1.fc42
URL : https://crates.io/crates/maxminddb
Summary : Library for reading MaxMind DB format used by GeoIP2 and GeoLite2
Description :
Library for reading MaxMind DB format used by GeoIP2 and GeoLite2.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 0.26.0-1
- Update to version 0.26.0; Fixes RHBZ#2257537
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.23.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac08db27d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-protobuf-parse-3.7.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac08db27d
2025-10-15 01:00:23.850307+00:00
--------------------------------------------------------------------------------
Name : rust-protobuf-parse
Product : Fedora 42
Version : 3.7.2
Release : 1.fc42
URL : https://crates.io/crates/protobuf-parse
Summary : Parse .proto files
Description :
Parse `.proto` files. Files are parsed into a
`protobuf::descriptor::FileDescriptorSet` object using either: * pure
rust parser (no dependencies) * `protoc` binary (more reliable and
compatible with Google's implementation).
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 3.7.2-1
- Initial import (#2397168)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac08db27d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-protobuf-support-3.7.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac08db27d
2025-10-15 01:00:23.850307+00:00
--------------------------------------------------------------------------------
Name : rust-protobuf-support
Product : Fedora 42
Version : 3.7.2
Release : 1.fc42
URL : https://crates.io/crates/protobuf-support
Summary : Code supporting protobuf implementation
Description :
Code supporting protobuf implementation. None of code in this crate is
public API.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 3.7.2-1
- Initial import (#2397167)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac08db27d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-prometheus-0.14.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac08db27d
2025-10-15 01:00:23.850307+00:00
--------------------------------------------------------------------------------
Name : rust-prometheus
Product : Fedora 42
Version : 0.14.0
Release : 1.fc42
URL : https://crates.io/crates/prometheus
Summary : Instrumentation library for Rust applications
Description :
Prometheus instrumentation library for Rust applications.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 0.14.0-1
- Update to version 0.14.0; Fixes RHBZ#2279084
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.13.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac08db27d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-protobuf-3.7.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac08db27d
2025-10-15 01:00:23.850307+00:00
--------------------------------------------------------------------------------
Name : rust-protobuf
Product : Fedora 42
Version : 3.7.2
Release : 1.fc42
URL : https://crates.io/crates/protobuf
Summary : Rust implementation of Google protocol buffers
Description :
Rust implementation of Google protocol buffers.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 21 2025 Fabio Valentini [decathorpe@gmail.com] - 3.7.2-1
- Update to version 3.7.2; Fixes RHBZ#2080866
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.28.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac08db27d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-protobuf-codegen-3.7.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac08db27d
2025-10-15 01:00:23.850307+00:00
--------------------------------------------------------------------------------
Name : rust-protobuf-codegen
Product : Fedora 42
Version : 3.7.2
Release : 1.fc42
URL : https://crates.io/crates/protobuf-codegen
Summary : Code generator for rust-protobuf
Description :
Code generator for rust-protobuf. Includes a library to invoke
programmatically (e. g. from `build.rs`) and `protoc-gen-rs` binary.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 21 2025 Fabio Valentini [decathorpe@gmail.com] - 3.7.2-1
- Update to version 3.7.2; Fixes RHBZ#2080867
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.28.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac08db27d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-monitord-exporter-0.4.1-6.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac08db27d
2025-10-15 01:00:23.850307+00:00
--------------------------------------------------------------------------------
Name : rust-monitord-exporter
Product : Fedora 42
Version : 0.4.1
Release : 6.fc42
URL : https://crates.io/crates/monitord-exporter
Summary : Let Prometheus know how happy your systemd is
Description :
monitord-exporter is a Prometheus exporter using monitord to export statistic to Prometheus collectors.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 6 2025 Fabio Valentini [decathorpe@gmail.com] - 0.4.1-6
- Add missing type annotation for prometheus 0.14 compatibility
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac08db27d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: mirrorlist-server-3.0.8-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1ac08db27d
2025-10-15 01:00:23.850307+00:00
--------------------------------------------------------------------------------
Name : mirrorlist-server
Product : Fedora 42
Version : 3.0.8
Release : 1.fc42
URL : https://github.com/adrianreber/mirrorlist-server
Summary : Mirrorlist Server
Description :
The mirrorlist-server uses the data created by MirrorManager2
( https://github.com/fedora-infra/mirrormanager2) to answer client request for
the "best" mirror.
This implementation of the mirrorlist-server is written in Rust. The original
version of the mirrorlist-server was part of the MirrorManager2 repository and
it is implemented using Python. While moving from Python2 to Python3 one of
the problems was that the data exchange format (Python Pickle) did not support
running the MirrorManager2 backend with Python2 and the mirrorlist frontend
with Python3. To have a Pickle independent data exchange format protobuf was
introduced. The first try to use protobuf in the python mirrorlist
implementation required a lot more memory than the Pickle based implementation
(3.5GB instead of 1.1GB). That is one of the reasons a new mirrorlist-server
implementation was needed.
Another reason to rewrite the mirrorlist-server is its architecture. The
Python based version requires the Apache HTTP server or something that can
run the included wsgi. The wsgi talks over a socket to the actual
mirrorlist-server. In Fedora's MirrorManager2 instance this runs in a container
which runs behind HAProxy. This implementation in Rust directly uses a HTTP
library to reduce the number of involved components.
In addition to being simpler this implementation also requires less memory
than the Python version.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 3.0.8-1
- Update to version 3.0.8; Fixes RHBZ#2379121
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1ac08db27d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: rust-protobuf-codegen-3.7.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9e77f6ddcb
2025-10-14 22:21:43.157840+00:00
--------------------------------------------------------------------------------
Name : rust-protobuf-codegen
Product : Fedora 43
Version : 3.7.2
Release : 1.fc43
URL : https://crates.io/crates/protobuf-codegen
Summary : Code generator for rust-protobuf
Description :
Code generator for rust-protobuf. Includes a library to invoke
programmatically (e. g. from `build.rs`) and `protoc-gen-rs` binary.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 21 2025 Fabio Valentini [decathorpe@gmail.com] - 3.7.2-1
- Update to version 3.7.2; Fixes RHBZ#2080867
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
[ 2 ] Bug #2401160 - F43FailsToInstall: rust-prometheus+protobuf-codegen-pure-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2401160
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9e77f6ddcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: rust-protobuf-support-3.7.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9e77f6ddcb
2025-10-14 22:21:43.157840+00:00
--------------------------------------------------------------------------------
Name : rust-protobuf-support
Product : Fedora 43
Version : 3.7.2
Release : 1.fc43
URL : https://crates.io/crates/protobuf-support
Summary : Code supporting protobuf implementation
Description :
Code supporting protobuf implementation. None of code in this crate is
public API.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 3.7.2-1
- Initial import (#2397167)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
[ 2 ] Bug #2401160 - F43FailsToInstall: rust-prometheus+protobuf-codegen-pure-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2401160
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9e77f6ddcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: rust-protobuf-3.7.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9e77f6ddcb
2025-10-14 22:21:43.157840+00:00
--------------------------------------------------------------------------------
Name : rust-protobuf
Product : Fedora 43
Version : 3.7.2
Release : 1.fc43
URL : https://crates.io/crates/protobuf
Summary : Rust implementation of Google protocol buffers
Description :
Rust implementation of Google protocol buffers.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 21 2025 Fabio Valentini [decathorpe@gmail.com] - 3.7.2-1
- Update to version 3.7.2; Fixes RHBZ#2080866
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
[ 2 ] Bug #2401160 - F43FailsToInstall: rust-prometheus+protobuf-codegen-pure-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2401160
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9e77f6ddcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: rust-protobuf-parse-3.7.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9e77f6ddcb
2025-10-14 22:21:43.157840+00:00
--------------------------------------------------------------------------------
Name : rust-protobuf-parse
Product : Fedora 43
Version : 3.7.2
Release : 1.fc43
URL : https://crates.io/crates/protobuf-parse
Summary : Parse .proto files
Description :
Parse `.proto` files. Files are parsed into a
`protobuf::descriptor::FileDescriptorSet` object using either: * pure
rust parser (no dependencies) * `protoc` binary (more reliable and
compatible with Google's implementation).
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 3.7.2-1
- Initial import (#2397168)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
[ 2 ] Bug #2401160 - F43FailsToInstall: rust-prometheus+protobuf-codegen-pure-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2401160
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9e77f6ddcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: rust-monitord-exporter-0.4.1-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9e77f6ddcb
2025-10-14 22:21:43.157840+00:00
--------------------------------------------------------------------------------
Name : rust-monitord-exporter
Product : Fedora 43
Version : 0.4.1
Release : 6.fc43
URL : https://crates.io/crates/monitord-exporter
Summary : Let Prometheus know how happy your systemd is
Description :
monitord-exporter is a Prometheus exporter using monitord to export statistic to Prometheus collectors.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 6 2025 Fabio Valentini [decathorpe@gmail.com] - 0.4.1-6
- Add missing type annotation for prometheus 0.14 compatibility
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
[ 2 ] Bug #2401160 - F43FailsToInstall: rust-prometheus+protobuf-codegen-pure-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2401160
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9e77f6ddcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: rust-prometheus_exporter-0.8.5-5.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9e77f6ddcb
2025-10-14 22:21:43.157840+00:00
--------------------------------------------------------------------------------
Name : rust-prometheus_exporter
Product : Fedora 43
Version : 0.8.5
Release : 5.fc43
URL : https://crates.io/crates/prometheus_exporter
Summary : Helper libary to export prometheus metrics using tiny-http
Description :
Helper libary to export prometheus metrics using tiny-http.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 0.8.5-5
- Bump prometheus dependency to 0.14
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
[ 2 ] Bug #2401160 - F43FailsToInstall: rust-prometheus+protobuf-codegen-pure-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2401160
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9e77f6ddcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: rust-prometheus-0.14.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9e77f6ddcb
2025-10-14 22:21:43.157840+00:00
--------------------------------------------------------------------------------
Name : rust-prometheus
Product : Fedora 43
Version : 0.14.0
Release : 1.fc43
URL : https://crates.io/crates/prometheus
Summary : Instrumentation library for Rust applications
Description :
Prometheus instrumentation library for Rust applications.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 0.14.0-1
- Update to version 0.14.0; Fixes RHBZ#2279084
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
[ 2 ] Bug #2401160 - F43FailsToInstall: rust-prometheus+protobuf-codegen-pure-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2401160
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9e77f6ddcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: rust-maxminddb-0.26.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9e77f6ddcb
2025-10-14 22:21:43.157840+00:00
--------------------------------------------------------------------------------
Name : rust-maxminddb
Product : Fedora 43
Version : 0.26.0
Release : 1.fc43
URL : https://crates.io/crates/maxminddb
Summary : Library for reading MaxMind DB format used by GeoIP2 and GeoLite2
Description :
Library for reading MaxMind DB format used by GeoIP2 and GeoLite2.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 0.26.0-1
- Update to version 0.26.0; Fixes RHBZ#2257537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
[ 2 ] Bug #2401160 - F43FailsToInstall: rust-prometheus+protobuf-codegen-pure-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2401160
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9e77f6ddcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: mirrorlist-server-3.0.8-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9e77f6ddcb
2025-10-14 22:21:43.157840+00:00
--------------------------------------------------------------------------------
Name : mirrorlist-server
Product : Fedora 43
Version : 3.0.8
Release : 1.fc43
URL : https://github.com/adrianreber/mirrorlist-server
Summary : Mirrorlist Server
Description :
The mirrorlist-server uses the data created by MirrorManager2
( https://github.com/fedora-infra/mirrormanager2) to answer client request for
the "best" mirror.
This implementation of the mirrorlist-server is written in Rust. The original
version of the mirrorlist-server was part of the MirrorManager2 repository and
it is implemented using Python. While moving from Python2 to Python3 one of
the problems was that the data exchange format (Python Pickle) did not support
running the MirrorManager2 backend with Python2 and the mirrorlist frontend
with Python3. To have a Pickle independent data exchange format protobuf was
introduced. The first try to use protobuf in the python mirrorlist
implementation required a lot more memory than the Pickle based implementation
(3.5GB instead of 1.1GB). That is one of the reasons a new mirrorlist-server
implementation was needed.
Another reason to rewrite the mirrorlist-server is its architecture. The
Python based version requires the Apache HTTP server or something that can
run the included wsgi. The wsgi talks over a socket to the actual
mirrorlist-server. In Fedora's MirrorManager2 instance this runs in a container
which runs behind HAProxy. This implementation in Rust directly uses a HTTP
library to reduce the number of involved components.
In addition to being simpler this implementation also requires less memory
than the Python version.
--------------------------------------------------------------------------------
Update Information:
Update mirrorlist-server to version 3.0.8.
Update the maxminddb crate to version 0.26.0.
Update the prometheus crate to version 0.14.0.
Update the protobuf and protobuf-codegen crates to version 3.7.2.
Initial packaging of the protobuf-parse and protobuf-support crates.
This includes fixes for CVE-2025-53605 (Uncontrolled Recursion Vulnerability in
the protobuf crate).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Fabio Valentini [decathorpe@gmail.com] - 3.0.8-1
- Update to version 3.0.8; Fixes RHBZ#2379121
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376751 - CVE-2025-53605 mirrorlist-server: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376751
[ 2 ] Bug #2401160 - F43FailsToInstall: rust-prometheus+protobuf-codegen-pure-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2401160
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9e77f6ddcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
