Fedora 41 Update: opentofu-1.10.7-1.fc41
Fedora 41 Update: containerd-1.7.29-1.fc41
Fedora 41 Update: rust-reqsign-http-send-reqwest-2.0.1-1.fc41
Fedora 41 Update: rust-reqsign-file-read-tokio-2.0.1-1.fc41
Fedora 41 Update: rust-reqsign-0.18.1-1.fc41
Fedora 41 Update: rust-regex-automata-0.4.13-1.fc41
Fedora 41 Update: uv-0.9.7-2.fc41
Fedora 41 Update: rust-get-size-derive2-0.7.1-1.fc41
Fedora 41 Update: rust-get-size2-0.7.1-1.fc41
Fedora 41 Update: rust-reqsign-core-2.0.1-1.fc41
Fedora 41 Update: rust-reqsign-command-execute-tokio-2.0.1-1.fc41
Fedora 41 Update: rust-reqsign-aws-v4-2.0.1-1.fc41
Fedora 41 Update: rust-regex-1.12.2-1.fc41
Fedora 41 Update: ruff-0.14.3-1.fc41
Fedora 41 Update: python-uv-build-0.9.7-2.fc41
Fedora 42 Update: opentofu-1.10.7-1.fc42
Fedora 42 Update: containerd-2.0.7-1.fc42
Fedora 42 Update: rust-reqsign-core-2.0.1-1.fc42
Fedora 42 Update: rust-reqsign-http-send-reqwest-2.0.1-1.fc42
Fedora 42 Update: rust-reqsign-file-read-tokio-2.0.1-1.fc42
Fedora 42 Update: rust-regex-automata-0.4.13-1.fc42
Fedora 42 Update: uv-0.9.7-2.fc42
Fedora 42 Update: rust-reqsign-command-execute-tokio-2.0.1-1.fc42
Fedora 42 Update: rust-reqsign-aws-v4-2.0.1-1.fc42
Fedora 42 Update: rust-reqsign-0.18.1-1.fc42
Fedora 42 Update: rust-regex-1.12.2-1.fc42
Fedora 42 Update: rust-get-size-derive2-0.7.1-1.fc42
Fedora 42 Update: rust-get-size2-0.7.1-1.fc42
Fedora 42 Update: ruff-0.14.3-1.fc42
Fedora 42 Update: python-uv-build-0.9.7-2.fc42
Fedora 43 Update: containerd-2.1.5-1.fc43
Fedora 43 Update: opentofu-1.10.7-1.fc43
[SECURITY] Fedora 41 Update: opentofu-1.10.7-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c555ce4089
2025-11-15 01:40:44.715722+00:00
--------------------------------------------------------------------------------
Name : opentofu
Product : Fedora 41
Version : 1.10.7
Release : 1.fc41
URL : https://github.com/opentofu/opentofu
Summary : OpenTofu lets you declaratively manage your cloud infrastructure
Description :
OpenTofu lets you declaratively manage your cloud infrastructure.
--------------------------------------------------------------------------------
Update Information:
Update to 1.10.7
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 6 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.10.7-1
- Update to 1.10.7 - Closes rhbz#2413156
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 1.10.6-2
- rebuild
* Thu Sep 4 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.10.6-1
- Update to 1.10.6 - Closes rhbz#2385775
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 1.10.3-2
- Rebuild for golang-1.25.0
* Sat Jul 26 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.10.3-1
- Update to 1.10.3 - Closes rhbz#2380221
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.10.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jun 26 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.10.1-1
- Update to 1.10.1 - Closes rhbz#2374763
* Tue Jun 24 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.10.0-1
- Update to 1.10.0 - Closes rhbz#2374600
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2375615 - opentofu: mapstructure May Leak Sensitive Information [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2375615
[ 2 ] Bug #2384150 - opentofu: go-viper information leak [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2384150
[ 3 ] Bug #2386297 - CVE-2025-8556 opentofu: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2386297
[ 4 ] Bug #2388884 - CVE-2025-8959 opentofu: HashiCorp go-getter Arbitrary File Read [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2388884
[ 5 ] Bug #2390857 - opentofu: go-viper's mapstructure May Leak Sensitive Information in Logs [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2390857
[ 6 ] Bug #2391634 - CVE-2025-58058 opentofu: github.com/ulikunitz/xz leaks memory [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2391634
[ 7 ] Bug #2398604 - CVE-2025-47910 opentofu: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398604
[ 8 ] Bug #2399268 - CVE-2025-47906 opentofu: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399268
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c555ce4089' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: containerd-1.7.29-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-80ed98504b
2025-11-15 01:40:44.715717+00:00
--------------------------------------------------------------------------------
Name : containerd
Product : Fedora 41
Version : 1.7.29
Release : 1.fc41
URL : https://github.com/containerd/containerd
Summary : An open and reliable container runtime
Description :
Containerd is an industry-standard container runtime with an emphasis on
simplicity, robustness and portability. It is available as a daemon for Linux
and Windows, which can manage the complete container lifecycle of its host
system: image transfer and storage, container execution and supervision,
low-level storage and network attachments, etc.
--------------------------------------------------------------------------------
Update Information:
Update to v1.7.29
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 6 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 1.7.29-1
- Update to v1.7.29
- Resolves: GHSA-pwhc-rpq9-4c8w (CVE-2024-25621)
- Resolves: GHSA-m6hq-p25p-ffr2
- Resolves: rhbz#2352144, rhbz#2398401, rhbz#2407587, rhbz#2408565
- Resolves: rhbz#2409042, rhbz#2409990, rhbz#2410922, rhbz#2412519
- Upstream fixes
* Sat Jul 26 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 1.7.28-1
- Update to release v1.7.28
- Resolves: rhbz#2352144
- Upstream fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2352144 - CVE-2025-22870 containerd: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2352144
[ 2 ] Bug #2398401 - CVE-2025-47910 containerd: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398401
[ 3 ] Bug #2407587 - CVE-2025-58189 containerd: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2407587
[ 4 ] Bug #2408565 - CVE-2025-61725 containerd: Excessive CPU consumption in ParseAddress in net/mail [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2408565
[ 5 ] Bug #2409042 - CVE-2025-61723 containerd: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2409042
[ 6 ] Bug #2409990 - CVE-2025-58185 containerd: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2409990
[ 7 ] Bug #2410922 - CVE-2025-58188 containerd: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2410922
[ 8 ] Bug #2412519 - CVE-2025-58183 containerd: Unbounded allocation when parsing GNU sparse map [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2412519
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-80ed98504b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-reqsign-http-send-reqwest-2.0.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-00e5b3d89c
2025-11-15 01:40:44.715697+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-http-send-reqwest
Product : Fedora 41
Version : 2.0.1
Release : 1.fc41
URL : https://crates.io/crates/reqsign-http-send-reqwest
Summary : Reqwest-based HTTP client implementation for reqsign
Description :
Reqwest-based HTTP client implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2411982
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-00e5b3d89c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-reqsign-file-read-tokio-2.0.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-00e5b3d89c
2025-11-15 01:40:44.715697+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-file-read-tokio
Product : Fedora 41
Version : 2.0.1
Release : 1.fc41
URL : https://crates.io/crates/reqsign-file-read-tokio
Summary : Tokio-based file reader implementation for reqsign
Description :
Tokio-based file reader implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2411983
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-00e5b3d89c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-reqsign-0.18.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-00e5b3d89c
2025-11-15 01:40:44.715697+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign
Product : Fedora 41
Version : 0.18.1
Release : 1.fc41
URL : https://crates.io/crates/reqsign
Summary : Signing HTTP requests for popular cloud services
Description :
Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent
and Oracle services.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.18.1-1
- Update to version 0.18.1; Fixes RHBZ#2411981
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-00e5b3d89c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-regex-automata-0.4.13-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-00e5b3d89c
2025-11-15 01:40:44.715697+00:00
--------------------------------------------------------------------------------
Name : rust-regex-automata
Product : Fedora 41
Version : 0.4.13
Release : 1.fc41
URL : https://crates.io/crates/regex-automata
Summary : Automata construction and matching using regular expressions
Description :
Automata construction and matching using regular expressions.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 6 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.4.13-1
- Update to version 0.4.13; Fixes RHBZ#2403245
* Thu Oct 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.4.11-2
- Don???t pass doc test skips when running lib tests
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-00e5b3d89c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: uv-0.9.7-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-00e5b3d89c
2025-11-15 01:40:44.715697+00:00
--------------------------------------------------------------------------------
Name : uv
Product : Fedora 41
Version : 0.9.7
Release : 2.fc41
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package installer and resolver, written in Rust.
Designed as a drop-in replacement for common pip and pip-tools workflows.
Highlights:
??? ?????? Drop-in replacement for common pip, pip-tools, and virtualenv commands.
??? ?????? 10-100x faster than pip and pip-tools (pip-compile and pip-sync).
??? ???? Disk-space efficient, with a global cache for dependency deduplication.
??? ???? Installable via curl, pip, pipx, etc. uv is a static binary that can be
installed without Rust or Python.
??? ???? Tested at-scale against the top 10,000 PyPI packages.
??? ??????? Support for macOS, Linux, and Windows.
??? ???? Advanced features such as dependency version overrides and alternative
resolution strategies.
??? ?????? Best-in-class error messages with a conflict-tracking resolver.
??? ???? Support for a wide range of advanced pip features, including editable
installs, Git dependencies, direct URL dependencies, local dependencies,
constraints, source distributions, HTML and JSON indexes, and more.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.7-2
- Allow spdx 0.12
* Fri Oct 31 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.7-1
- Update to 0.9.7 (close RHBZ#2408776)
* Thu Oct 30 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.6-1
- Update to 0.9.6 (close RHBZ#2407283)
* Sat Oct 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.5-6
- Remove a few more now-unnecessary test skips
* Sat Oct 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.5-5
- Consolidate ppc64le/s390x skips for the same test
* Sat Oct 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.5-4
- Remove python_list::python_list* test skips that no longer fail
* Sat Oct 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.5-3
- Skip a test that is flaky on ppc64le
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-00e5b3d89c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: rust-get-size-derive2-0.7.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-00e5b3d89c
2025-11-15 01:40:44.715697+00:00
--------------------------------------------------------------------------------
Name : rust-get-size-derive2
Product : Fedora 41
Version : 0.7.1
Release : 1.fc41
URL : https://crates.io/crates/get-size-derive2
Summary : Derives the GetSize trait
Description :
Derives the GetSize trait.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 26 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.1-1
- Update to version 0.7.1; Fixes RHBZ#2406420
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-00e5b3d89c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-get-size2-0.7.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-00e5b3d89c
2025-11-15 01:40:44.715697+00:00
--------------------------------------------------------------------------------
Name : rust-get-size2
Product : Fedora 41
Version : 0.7.1
Release : 1.fc41
URL : https://crates.io/crates/get-size2
Summary : Determine the size in bytes an object occupies inside RAM
Description :
Determine the size in bytes an object occupies inside RAM.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 26 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.1-1
- Update to version 0.7.1; Fixes RHBZ#2406419
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-00e5b3d89c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-reqsign-core-2.0.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-00e5b3d89c
2025-11-15 01:40:44.715697+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-core
Product : Fedora 41
Version : 2.0.1
Release : 1.fc41
URL : https://crates.io/crates/reqsign-core
Summary : Signing API requests without effort
Description :
Signing API requests without effort.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2411978
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-00e5b3d89c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-reqsign-command-execute-tokio-2.0.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-00e5b3d89c
2025-11-15 01:40:44.715697+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-command-execute-tokio
Product : Fedora 41
Version : 2.0.1
Release : 1.fc41
URL : https://crates.io/crates/reqsign-command-execute-tokio
Summary : Tokio-based command execution implementation for reqsign
Description :
Tokio-based command execution implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2411979
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-00e5b3d89c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-reqsign-aws-v4-2.0.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-00e5b3d89c
2025-11-15 01:40:44.715697+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-aws-v4
Product : Fedora 41
Version : 2.0.1
Release : 1.fc41
URL : https://crates.io/crates/reqsign-aws-v4
Summary : AWS SigV4 signing implementation for reqsign
Description :
AWS SigV4 signing implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2411980
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-00e5b3d89c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-regex-1.12.2-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-00e5b3d89c
2025-11-15 01:40:44.715697+00:00
--------------------------------------------------------------------------------
Name : rust-regex
Product : Fedora 41
Version : 1.12.2
Release : 1.fc41
URL : https://crates.io/crates/regex
Summary : Implementation of regular expressions for Rust
Description :
An implementation of regular expressions for Rust. This implementation
uses finite automata and guarantees linear time matching on all inputs.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 6 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.12.2-1
- Update to version 1.12.2; Fixes RHBZ#2403244
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-00e5b3d89c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: ruff-0.14.3-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-00e5b3d89c
2025-11-15 01:40:44.715697+00:00
--------------------------------------------------------------------------------
Name : ruff
Product : Fedora 41
Version : 0.14.3
Release : 1.fc41
URL : https://github.com/astral-sh/ruff
Summary : Extremely fast Python linter and code formatter
Description :
An extremely fast Python linter and code formatter, written in Rust.
Ruff aims to be orders of magnitude faster than alternative tools while
integrating more functionality behind a single, common interface.
Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort,
pydocstyle, pyupgrade, autoflake, and more, all while executing tens or
hundreds of times faster than any individual tool.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.14.3-1
- Update to 0.14.3 (close RHBZ#2408774)
* Fri Oct 31 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.14.2-2
- Allow etcetera 0.11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-00e5b3d89c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: python-uv-build-0.9.7-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-00e5b3d89c
2025-11-15 01:40:44.715697+00:00
--------------------------------------------------------------------------------
Name : python-uv-build
Product : Fedora 41
Version : 0.9.7
Release : 2.fc41
URL : https://pypi.org/project/uv-build
Summary : The uv build backend
Description :
This package is a slimmed down version of uv containing only the build
backend.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.7-2
- Allow spdx 0.12
* Fri Oct 31 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.7-1
- Update to 0.9.7 (close RHBZ#2408519)
* Wed Oct 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.6-1
- Update to 0.9.6 (close RHBZ#2407236)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-00e5b3d89c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: opentofu-1.10.7-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6ab111452f
2025-11-15 01:30:31.747758+00:00
--------------------------------------------------------------------------------
Name : opentofu
Product : Fedora 42
Version : 1.10.7
Release : 1.fc42
URL : https://github.com/opentofu/opentofu
Summary : OpenTofu lets you declaratively manage your cloud infrastructure
Description :
OpenTofu lets you declaratively manage your cloud infrastructure.
--------------------------------------------------------------------------------
Update Information:
Update to 1.10.7
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 6 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.10.7-1
- Update to 1.10.7 - Closes rhbz#2413156
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 1.10.6-2
- rebuild
* Thu Sep 4 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.10.6-1
- Update to 1.10.6 - Closes rhbz#2385775
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 1.10.3-2
- Rebuild for golang-1.25.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2375630 - opentofu: mapstructure May Leak Sensitive Information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2375630
[ 2 ] Bug #2386309 - CVE-2025-8556 opentofu: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2386309
[ 3 ] Bug #2388887 - CVE-2025-8959 opentofu: HashiCorp go-getter Arbitrary File Read [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2388887
[ 4 ] Bug #2390878 - opentofu: go-viper's mapstructure May Leak Sensitive Information in Logs [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2390878
[ 5 ] Bug #2391666 - CVE-2025-58058 opentofu: github.com/ulikunitz/xz leaks memory [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391666
[ 6 ] Bug #2398870 - CVE-2025-47910 opentofu: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398870
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6ab111452f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: containerd-2.0.7-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-daa6238745
2025-11-15 01:30:31.747752+00:00
--------------------------------------------------------------------------------
Name : containerd
Product : Fedora 42
Version : 2.0.7
Release : 1.fc42
URL : https://github.com/containerd/containerd
Summary : An open and reliable container runtime
Description :
Containerd is an industry-standard container runtime with an emphasis on
simplicity, robustness and portability. It is available as a daemon for Linux
and Windows, which can manage the complete container lifecycle of its host
system: image transfer and storage, container execution and supervision,
low-level storage and network attachments, etc.
--------------------------------------------------------------------------------
Update Information:
Update to v2.0.7
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 6 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 2.0.7-1
- Update to v2.0.7
- Resolves: GHSA-pwhc-rpq9-4c8w (CVE-2024-25621)
- Resolves: GHSA-m6hq-p25p-ffr2
- Resolves: rhbz#2412750 rhbz#2411188 rhbz#2410276 rhbz#2409324
- Resolves: rhbz#2408632 rhbz#2407857 rhbz#2399331 rhbz#2398655
- Upstream fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398655 - CVE-2025-47910 containerd: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398655
[ 2 ] Bug #2399331 - CVE-2025-47906 containerd: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399331
[ 3 ] Bug #2407857 - CVE-2025-58189 containerd: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2407857
[ 4 ] Bug #2408632 - CVE-2025-61725 containerd: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2408632
[ 5 ] Bug #2409324 - CVE-2025-61723 containerd: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409324
[ 6 ] Bug #2410276 - CVE-2025-58185 containerd: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410276
[ 7 ] Bug #2411188 - CVE-2025-58188 containerd: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411188
[ 8 ] Bug #2412750 - CVE-2025-58183 containerd: Unbounded allocation when parsing GNU sparse map [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2412750
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-daa6238745' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-reqsign-core-2.0.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e60a4ba4d7
2025-11-15 01:30:31.747715+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-core
Product : Fedora 42
Version : 2.0.1
Release : 1.fc42
URL : https://crates.io/crates/reqsign-core
Summary : Signing API requests without effort
Description :
Signing API requests without effort.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2411978
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e60a4ba4d7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-reqsign-http-send-reqwest-2.0.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e60a4ba4d7
2025-11-15 01:30:31.747715+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-http-send-reqwest
Product : Fedora 42
Version : 2.0.1
Release : 1.fc42
URL : https://crates.io/crates/reqsign-http-send-reqwest
Summary : Reqwest-based HTTP client implementation for reqsign
Description :
Reqwest-based HTTP client implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2411982
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e60a4ba4d7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-reqsign-file-read-tokio-2.0.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e60a4ba4d7
2025-11-15 01:30:31.747715+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-file-read-tokio
Product : Fedora 42
Version : 2.0.1
Release : 1.fc42
URL : https://crates.io/crates/reqsign-file-read-tokio
Summary : Tokio-based file reader implementation for reqsign
Description :
Tokio-based file reader implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2411983
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e60a4ba4d7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-regex-automata-0.4.13-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e60a4ba4d7
2025-11-15 01:30:31.747715+00:00
--------------------------------------------------------------------------------
Name : rust-regex-automata
Product : Fedora 42
Version : 0.4.13
Release : 1.fc42
URL : https://crates.io/crates/regex-automata
Summary : Automata construction and matching using regular expressions
Description :
Automata construction and matching using regular expressions.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 6 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.4.13-1
- Update to version 0.4.13; Fixes RHBZ#2403245
* Thu Oct 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.4.11-2
- Don???t pass doc test skips when running lib tests
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e60a4ba4d7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: uv-0.9.7-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e60a4ba4d7
2025-11-15 01:30:31.747715+00:00
--------------------------------------------------------------------------------
Name : uv
Product : Fedora 42
Version : 0.9.7
Release : 2.fc42
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package installer and resolver, written in Rust.
Designed as a drop-in replacement for common pip and pip-tools workflows.
Highlights:
??? ?????? Drop-in replacement for common pip, pip-tools, and virtualenv commands.
??? ?????? 10-100x faster than pip and pip-tools (pip-compile and pip-sync).
??? ???? Disk-space efficient, with a global cache for dependency deduplication.
??? ???? Installable via curl, pip, pipx, etc. uv is a static binary that can be
installed without Rust or Python.
??? ???? Tested at-scale against the top 10,000 PyPI packages.
??? ??????? Support for macOS, Linux, and Windows.
??? ???? Advanced features such as dependency version overrides and alternative
resolution strategies.
??? ?????? Best-in-class error messages with a conflict-tracking resolver.
??? ???? Support for a wide range of advanced pip features, including editable
installs, Git dependencies, direct URL dependencies, local dependencies,
constraints, source distributions, HTML and JSON indexes, and more.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.7-2
- Allow spdx 0.12
* Fri Oct 31 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.7-1
- Update to 0.9.7 (close RHBZ#2408776)
* Thu Oct 30 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.6-1
- Update to 0.9.6 (close RHBZ#2407283)
* Sat Oct 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.5-6
- Remove a few more now-unnecessary test skips
* Sat Oct 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.5-5
- Consolidate ppc64le/s390x skips for the same test
* Sat Oct 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.5-4
- Remove python_list::python_list* test skips that no longer fail
* Sat Oct 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.5-3
- Skip a test that is flaky on ppc64le
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e60a4ba4d7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: rust-reqsign-command-execute-tokio-2.0.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e60a4ba4d7
2025-11-15 01:30:31.747715+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-command-execute-tokio
Product : Fedora 42
Version : 2.0.1
Release : 1.fc42
URL : https://crates.io/crates/reqsign-command-execute-tokio
Summary : Tokio-based command execution implementation for reqsign
Description :
Tokio-based command execution implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2411979
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e60a4ba4d7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-reqsign-aws-v4-2.0.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e60a4ba4d7
2025-11-15 01:30:31.747715+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-aws-v4
Product : Fedora 42
Version : 2.0.1
Release : 1.fc42
URL : https://crates.io/crates/reqsign-aws-v4
Summary : AWS SigV4 signing implementation for reqsign
Description :
AWS SigV4 signing implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2411980
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e60a4ba4d7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-reqsign-0.18.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e60a4ba4d7
2025-11-15 01:30:31.747715+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign
Product : Fedora 42
Version : 0.18.1
Release : 1.fc42
URL : https://crates.io/crates/reqsign
Summary : Signing HTTP requests for popular cloud services
Description :
Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent
and Oracle services.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.18.1-1
- Update to version 0.18.1; Fixes RHBZ#2411981
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e60a4ba4d7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-regex-1.12.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e60a4ba4d7
2025-11-15 01:30:31.747715+00:00
--------------------------------------------------------------------------------
Name : rust-regex
Product : Fedora 42
Version : 1.12.2
Release : 1.fc42
URL : https://crates.io/crates/regex
Summary : Implementation of regular expressions for Rust
Description :
An implementation of regular expressions for Rust. This implementation
uses finite automata and guarantees linear time matching on all inputs.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 6 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.12.2-1
- Update to version 1.12.2; Fixes RHBZ#2403244
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e60a4ba4d7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-get-size-derive2-0.7.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e60a4ba4d7
2025-11-15 01:30:31.747715+00:00
--------------------------------------------------------------------------------
Name : rust-get-size-derive2
Product : Fedora 42
Version : 0.7.1
Release : 1.fc42
URL : https://crates.io/crates/get-size-derive2
Summary : Derives the GetSize trait
Description :
Derives the GetSize trait.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 26 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.1-1
- Update to version 0.7.1; Fixes RHBZ#2406420
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e60a4ba4d7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-get-size2-0.7.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e60a4ba4d7
2025-11-15 01:30:31.747715+00:00
--------------------------------------------------------------------------------
Name : rust-get-size2
Product : Fedora 42
Version : 0.7.1
Release : 1.fc42
URL : https://crates.io/crates/get-size2
Summary : Determine the size in bytes an object occupies inside RAM
Description :
Determine the size in bytes an object occupies inside RAM.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 26 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.1-1
- Update to version 0.7.1; Fixes RHBZ#2406419
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e60a4ba4d7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: ruff-0.14.3-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e60a4ba4d7
2025-11-15 01:30:31.747715+00:00
--------------------------------------------------------------------------------
Name : ruff
Product : Fedora 42
Version : 0.14.3
Release : 1.fc42
URL : https://github.com/astral-sh/ruff
Summary : Extremely fast Python linter and code formatter
Description :
An extremely fast Python linter and code formatter, written in Rust.
Ruff aims to be orders of magnitude faster than alternative tools while
integrating more functionality behind a single, common interface.
Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort,
pydocstyle, pyupgrade, autoflake, and more, all while executing tens or
hundreds of times faster than any individual tool.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.14.3-1
- Update to 0.14.3 (close RHBZ#2408774)
* Fri Oct 31 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.14.2-2
- Allow etcetera 0.11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e60a4ba4d7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: python-uv-build-0.9.7-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e60a4ba4d7
2025-11-15 01:30:31.747715+00:00
--------------------------------------------------------------------------------
Name : python-uv-build
Product : Fedora 42
Version : 0.9.7
Release : 2.fc42
URL : https://pypi.org/project/uv-build
Summary : The uv build backend
Description :
This package is a slimmed down version of uv containing only the build
backend.
--------------------------------------------------------------------------------
Update Information:
uv / python-uv-build
0.9.7
https://github.com/astral-sh/uv/releases/tag/0.9.7
0.9.6
This release contains an upgrade to Astral's fork of async_zip, which addresses
potential sources of ZIP parsing differentials between uv and other Python
packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.
https://github.com/astral-sh/uv/releases/tag/0.9.6
ruff
0.14.3
https://github.com/astral-sh/ruff/releases/tag/0.14.3
Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for
RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.7-2
- Allow spdx 0.12
* Fri Oct 31 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.7-1
- Update to 0.9.7 (close RHBZ#2408519)
* Wed Oct 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.6-1
- Update to 0.9.6 (close RHBZ#2407236)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 6 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 7 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 8 ] Bug #2411981 - rust-reqsign-0.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 9 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 10 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2411983
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e60a4ba4d7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: containerd-2.1.5-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ffac32ead0
2025-11-15 00:51:07.993136+00:00
--------------------------------------------------------------------------------
Name : containerd
Product : Fedora 43
Version : 2.1.5
Release : 1.fc43
URL : https://github.com/containerd/containerd
Summary : An open and reliable container runtime
Description :
Containerd is an industry-standard container runtime with an emphasis on
simplicity, robustness and portability. It is available as a daemon for Linux
and Windows, which can manage the complete container lifecycle of its host
system: image transfer and storage, container execution and supervision,
low-level storage and network attachments, etc.
--------------------------------------------------------------------------------
Update Information:
Update to release v2.1.5
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 6 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 2.1.5-1
- Update to release v2.1.5
- Resolves: GHSA-pwhc-rpq9-4c8w (CVE-2024-25621)
- Resolves: GHSA-m6hq-p25p-ffr2
- Resolves: rhbz#2408134 rhbz#2408696 rhbz#2409604 rhbz#2410555
- Resolves: rhbz#2412671
- Upstream fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2408134 - CVE-2025-58189 containerd: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408134
[ 2 ] Bug #2408696 - CVE-2025-61725 containerd: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408696
[ 3 ] Bug #2409604 - CVE-2025-61723 containerd: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409604
[ 4 ] Bug #2410555 - CVE-2025-58185 containerd: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410555
[ 5 ] Bug #2412671 - CVE-2025-58183 containerd: Unbounded allocation when parsing GNU sparse map [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2412671
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ffac32ead0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: opentofu-1.10.7-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-21b93506d5
2025-11-15 00:51:07.993138+00:00
--------------------------------------------------------------------------------
Name : opentofu
Product : Fedora 43
Version : 1.10.7
Release : 1.fc43
URL : https://github.com/opentofu/opentofu
Summary : OpenTofu lets you declaratively manage your cloud infrastructure
Description :
OpenTofu lets you declaratively manage your cloud infrastructure.
--------------------------------------------------------------------------------
Update Information:
Update to 1.10.7
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 6 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.10.7-1
- Update to 1.10.7 - Closes rhbz#2413156
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 1.10.6-2
- rebuild
* Thu Sep 4 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.10.6-1
- Update to 1.10.6 - Closes rhbz#2385775
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-21b93506d5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
