Fedora 42 Update: mingw-expat-2.7.2-1.fc42
Fedora 42 Update: rust-az-tdx-vtpm-0.7.4-1.fc42
Fedora 42 Update: rust-az-cvm-vtpm-0.7.4-3.fc42
Fedora 42 Update: trustee-guest-components-0.13.0-3.fc42
Fedora 42 Update: rust-az-snp-vtpm-0.7.4-1.fc42
Fedora 42 Update: python-orderly-set-5.5.0-2.fc42
Fedora 42 Update: python-deepdiff-8.6.1-1.fc42
Fedora 43 Update: mingw-expat-2.7.2-1.fc43
[SECURITY] Fedora 42 Update: mingw-expat-2.7.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-31169045f8
2025-09-26 01:08:57.941241+00:00
--------------------------------------------------------------------------------
Name : mingw-expat
Product : Fedora 42
Version : 2.7.2
Release : 1.fc42
URL : http://www.libexpat.org/
Summary : MinGW Windows port of expat XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.
--------------------------------------------------------------------------------
Update Information:
Update to expat-2.7.2, fixes CVE-2025-59375.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 17 2025 Sandro Mani [manisandro@gmail.com] - 2.7.2-1
- Update to 2.7.2
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Wed Apr 2 2025 Sandro Mani [manisandro@gmail.com] - 2.7.1-1
- Update to 2.7.1
* Sat Mar 15 2025 Sandro Mani [manisandro@gmail.com] - 2.7.0-1
- Update to 2.7.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2395120 - CVE-2025-59375 mingw-expat: From CVEorg collector [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2395120
[ 2 ] Bug #2395123 - CVE-2025-59375 mingw-expat: From CVEorg collector [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2395123
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-31169045f8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-az-tdx-vtpm-0.7.4-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2408b72979
2025-09-26 01:08:57.941209+00:00
--------------------------------------------------------------------------------
Name : rust-az-tdx-vtpm
Product : Fedora 42
Version : 0.7.4
Release : 1.fc42
URL : https://crates.io/crates/az-tdx-vtpm
Summary : VTPM based TDX attestation for Azure Confidential VMs
Description :
VTPM based TDX attestation for Azure Confidential VMs.
--------------------------------------------------------------------------------
Update Information:
Rebase trustee-guest-components to v0.13.0
Include rust-az-???-vtpm packages rebase to version 0.7.4
Adjust (patches) to work with 'sev' version 6.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 16 2025 Uri Lublin [uril@redhat.com] - 0.7.4-1
- Rebase to version 0.7.4
* Tue Sep 16 2025 Uri Lublin [uril@redhat.com] - 0.7.3-1
- Rebase to az-tdx-vtpm-0.7.3
* Tue Sep 16 2025 Uri Lublin [uril@redhat.com] - 0.7.1-1
- Initial import (fedora#2327782).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2366579 - CVE-2025-4574 trustee-guest-components: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366579
[ 2 ] Bug #2372843 - F42FailsToInstall: rust-az-cvm-vtpm-devel, rust-az-cvm-vtpm+verifier-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2372843
[ 3 ] Bug #2376753 - CVE-2025-53605 trustee-guest-components: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376753
[ 4 ] Bug #2384045 - CVE-2023-53160 trustee-guest-components: Sequoia OpenPGP Array Access Panic [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2384045
[ 5 ] Bug #2384047 - CVE-2023-53161 trustee-guest-components: Buffered-Reader Out-of-Bounds Access Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2384047
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2408b72979' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-az-cvm-vtpm-0.7.4-3.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2408b72979
2025-09-26 01:08:57.941209+00:00
--------------------------------------------------------------------------------
Name : rust-az-cvm-vtpm
Product : Fedora 42
Version : 0.7.4
Release : 3.fc42
URL : https://crates.io/crates/az-cvm-vtpm
Summary : Package with shared code for Azure Confidential VMs
Description :
Package with shared code for Azure Confidential VMs.
--------------------------------------------------------------------------------
Update Information:
Rebase trustee-guest-components to v0.13.0
Include rust-az-???-vtpm packages rebase to version 0.7.4
Adjust (patches) to work with 'sev' version 6.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 15 2025 Uri Lublin [uril@redhat.com] - 0.7.4-3
- Rebuilt
* Thu Sep 4 2025 Uri Lublin [uril@redhat.com] - 0.7.4-2
- Rebase to az-cvm-vtpm-0.7.4: add bugs to changelog
* Thu Sep 4 2025 Uri Lublin [uril@redhat.com] - 0.7.4-1
- Rebase to az-cvm-vtpm-0.7.4
* Thu Sep 4 2025 Uri Lublin [uril@redhat.com] - 0.7.3-1
- Rebase to az-cvm-vtpm-0.7.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2366579 - CVE-2025-4574 trustee-guest-components: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366579
[ 2 ] Bug #2372843 - F42FailsToInstall: rust-az-cvm-vtpm-devel, rust-az-cvm-vtpm+verifier-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2372843
[ 3 ] Bug #2376753 - CVE-2025-53605 trustee-guest-components: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376753
[ 4 ] Bug #2384045 - CVE-2023-53160 trustee-guest-components: Sequoia OpenPGP Array Access Panic [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2384045
[ 5 ] Bug #2384047 - CVE-2023-53161 trustee-guest-components: Buffered-Reader Out-of-Bounds Access Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2384047
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2408b72979' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: trustee-guest-components-0.13.0-3.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2408b72979
2025-09-26 01:08:57.941209+00:00
--------------------------------------------------------------------------------
Name : trustee-guest-components
Product : Fedora 42
Version : 0.13.0
Release : 3.fc42
URL : https://github.com/confidential-containers/guest-components
Summary : Tools that run in confidential VMs, attest and get secrets from Trustee
Description :
Running in a confidential VM, gather confidential-computing evidence,
send it to Trustee and get secrets.
A part of the confidential-containers project
--------------------------------------------------------------------------------
Update Information:
Rebase trustee-guest-components to v0.13.0
Include rust-az-???-vtpm packages rebase to version 0.7.4
Adjust (patches) to work with 'sev' version 6.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 16 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.13.0-3
- Update rstest to 0.26
* Tue Aug 12 2025 Uri Lublin [uril@redhat.com] - 0.13.0-1
- Rebase to version 0.13.0
Resolves: fedora#2365561
Resolves: fedora#2385705
* Thu Jul 31 2025 Yan Fu [yafu@redhat.com] - 0.12.0-1
- Update trustee-guest-components to version 0.12.0-1
* Mon Mar 3 2025 Uri Lublin [uril@redhat.com] - 0.10.0^124.git0061d03-3
- attester: enable az-snp-vtpm and az-tdx-vtpm attesters
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2366579 - CVE-2025-4574 trustee-guest-components: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366579
[ 2 ] Bug #2372843 - F42FailsToInstall: rust-az-cvm-vtpm-devel, rust-az-cvm-vtpm+verifier-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2372843
[ 3 ] Bug #2376753 - CVE-2025-53605 trustee-guest-components: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376753
[ 4 ] Bug #2384045 - CVE-2023-53160 trustee-guest-components: Sequoia OpenPGP Array Access Panic [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2384045
[ 5 ] Bug #2384047 - CVE-2023-53161 trustee-guest-components: Buffered-Reader Out-of-Bounds Access Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2384047
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2408b72979' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-az-snp-vtpm-0.7.4-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2408b72979
2025-09-26 01:08:57.941209+00:00
--------------------------------------------------------------------------------
Name : rust-az-snp-vtpm
Product : Fedora 42
Version : 0.7.4
Release : 1.fc42
URL : https://crates.io/crates/az-snp-vtpm
Summary : VTPM based SEV-SNP attestation for Azure Confidential VMs
Description :
VTPM based SEV-SNP attestation for Azure Confidential VMs.
--------------------------------------------------------------------------------
Update Information:
Rebase trustee-guest-components to v0.13.0
Include rust-az-???-vtpm packages rebase to version 0.7.4
Adjust (patches) to work with 'sev' version 6.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 7 2025 Uri Lublin [uril@redhat.com] - 0.7.4-1
- Rebase to version 0.7.4
* Sun Sep 7 2025 Uri Lublin [uril@redhat.com] - 0.7.3-1
- Rebase to az-snp-vtpm-0.7.3
* Sun Sep 7 2025 Uri Lublin [uril@redhat.com] - 0.7.1-1
- Initial import (fedora#2327780).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2366579 - CVE-2025-4574 trustee-guest-components: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366579
[ 2 ] Bug #2372843 - F42FailsToInstall: rust-az-cvm-vtpm-devel, rust-az-cvm-vtpm+verifier-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2372843
[ 3 ] Bug #2376753 - CVE-2025-53605 trustee-guest-components: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2376753
[ 4 ] Bug #2384045 - CVE-2023-53160 trustee-guest-components: Sequoia OpenPGP Array Access Panic [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2384045
[ 5 ] Bug #2384047 - CVE-2023-53161 trustee-guest-components: Buffered-Reader Out-of-Bounds Access Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2384047
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2408b72979' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: python-orderly-set-5.5.0-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6ecd8d4f9b
2025-09-26 01:08:57.941191+00:00
--------------------------------------------------------------------------------
Name : python-orderly-set
Product : Fedora 42
Version : 5.5.0
Release : 2.fc42
URL : https://github.com/seperman/orderly-set
Summary : A package containing multiple implementations of Ordered Set
Description :
Orderly Set is a package containing multiple implementations of
Ordered Set.
--------------------------------------------------------------------------------
Update Information:
Update to 8.6.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 15 2025 Python Maint - 5.5.0-2
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Jul 25 2025 Romain Geissler [romain.geissler@amadeus.com] - 5.5.0-1
- Update to upstream version 5.5.0 (rhbz#2377959).
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 5.4.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jun 2 2025 Python Maint - 5.4.1-2
- Rebuilt for Python 3.14
* Wed May 7 2025 Romain Geissler [romain.geissler@amadeus.com] - 5.4.1-1
- Update to upstream version 5.4.1.
* Mon Mar 31 2025 Romain Geissler [romain.geissler@amadeus.com] - 5.3.0-1
- Update to upstream version 5.3.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2393899 - CVE-2025-58367 python-deepdiff: DeepDiff class pollution [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2393899
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6ecd8d4f9b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: python-deepdiff-8.6.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6ecd8d4f9b
2025-09-26 01:08:57.941191+00:00
--------------------------------------------------------------------------------
Name : python-deepdiff
Product : Fedora 42
Version : 8.6.1
Release : 1.fc42
URL : https://github.com/seperman/deepdiff/
Summary : Deep Difference and search of any Python object/data
Description :
Deep Difference of dictionaries, iterables, strings, and ANY other object.
Includes additional modules with related functionality:
DeepSearch: Search for objects within other objects.
DeepHash: Hash any object based on their content.
Delta: Store the difference of objects and apply them to other objects.
Extract: Extract an item from a nested Python object using its path.
commandline: Use DeepDiff from commandline.
--------------------------------------------------------------------------------
Update Information:
Update to 8.6.1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 14 2025 Romain Geissler [romain.geissler@amadeus.com] - 8.6.1-1
- Update to 8.6.1 (rhbz#2393085).
* Fri Aug 15 2025 Python Maint - 8.5.0-7
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 8.5.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jul 8 2025 Charalampos Stratakis [cstratak@redhat.com] - 8.5.0-5
- Remove click's upper version bound
* Sun Jun 29 2025 Romain Geissler [romain.geissler@amadeus.com] - 8.5.0-4
- Fix tests with python 3.14 (rhbz#2374300).
* Wed Jun 18 2025 Python Maint - 8.5.0-3
- Bootstrap for Python 3.14.0b3 bytecode
* Thu Jun 5 2025 Python Maint - 8.5.0-2
- Bootstrap for Python 3.14
* Sat May 10 2025 Romain Geissler [romain.geissler@amadeus.com] - 8.5.0-1
- Update to 8.5.0 (rhbz#2365409).
* Wed Apr 16 2025 Romain Geissler [romain.geissler@amadeus.com] - 8.4.1-2
- Relax a bit the pyyaml version for EPEL 10
* Mon Mar 31 2025 Romain Geissler [romain.geissler@amadeus.com] - 8.4.1-1
- Update to 8.4.1 (rhbz#2332738).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2393899 - CVE-2025-58367 python-deepdiff: DeepDiff class pollution [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2393899
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6ecd8d4f9b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: mingw-expat-2.7.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-790553f7f2
2025-09-26 00:18:50.353108+00:00
--------------------------------------------------------------------------------
Name : mingw-expat
Product : Fedora 43
Version : 2.7.2
Release : 1.fc43
URL : http://www.libexpat.org/
Summary : MinGW Windows port of expat XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.
--------------------------------------------------------------------------------
Update Information:
Update to expat-2.7.2, fixes CVE-2025-59375.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 17 2025 Sandro Mani [manisandro@gmail.com] - 2.7.2-1
- Update to 2.7.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2395120 - CVE-2025-59375 mingw-expat: From CVEorg collector [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2395120
[ 2 ] Bug #2395123 - CVE-2025-59375 mingw-expat: From CVEorg collector [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2395123
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-790553f7f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
