Fedora 44 Update: pypy-7.3.22-2.fc44
Fedora 44 Update: libgit2_1.8-1.8.5-1.fc44
Fedora 44 Update: yelp-49.1-1.fc44
Fedora 44 Update: python-jupytext-1.19.1-4.fc44
Fedora 42 Update: libgit2_1.8-1.8.5-1.fc42
Fedora 42 Update: python-jupytext-1.19.1-4.fc42
Fedora 43 Update: pypy-7.3.22-2.fc43
Fedora 43 Update: yelp-49.1-1.fc43
Fedora 43 Update: libgit2_1.8-1.8.5-1.fc43
Fedora 43 Update: python-jupytext-1.19.1-4.fc43
[SECURITY] Fedora 44 Update: pypy-7.3.22-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-130f7539d3
2026-05-17 01:26:47.130170+00:00
--------------------------------------------------------------------------------
Name : pypy
Product : Fedora 44
Version : 7.3.22
Release : 2.fc44
URL : https://www.pypy.org/
Summary : Python implementation with a Just-In-Time compiler
Description :
PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU
architectures, and various optimized implementations of the standard types
(strings, dictionaries, etc)
This build of PyPy has JIT-compilation enabled.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-3219 in the bundled pip wheel
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 5 2026 Charalampos Stratakis [cstratak@redhat.com] - 7.3.22-2
- Security fix for CVE-2026-3219 in the bundled pip wheel
- Fixes: rhbz#2461288
* Tue May 5 2026 Charalampos Stratakis [cstratak@redhat.com] - 7.3.22-1
- Update to 7.3.22
- Fixes: rhbz#2463475
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2461288 - CVE-2026-3219 pypy: pip: Incorrect file installation due to improper archive handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2461288
[ 2 ] Bug #2463475 - pypy-7.3.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2463475
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-130f7539d3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: libgit2_1.8-1.8.5-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a4d5162b52
2026-05-17 01:26:47.130155+00:00
--------------------------------------------------------------------------------
Name : libgit2_1.8
Product : Fedora 44
Version : 1.8.5
Release : 1.fc44
URL : https://libgit2.org/
Summary : C implementation of the Git core methods as a library with a solid API
Description :
libgit2 is a portable, pure C implementation of the Git core methods
provided as a re-entrant linkable library with a solid API, allowing
you to write native speed custom Git applications in any language
with bindings.
--------------------------------------------------------------------------------
Update Information:
Update to version 1.8.5.
Release notes: https://github.com/libgit2/libgit2/releases/tag/v1.8.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 6 2026 Fabio Valentini [decathorpe@gmail.com] - 1.8.5-1
- Update to version 1.8.5
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a4d5162b52' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: yelp-49.1-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ed4f450fa9
2026-05-17 01:26:47.130151+00:00
--------------------------------------------------------------------------------
Name : yelp
Product : Fedora 44
Version : 49.1
Release : 1.fc44
URL : https://wiki.gnome.org/Apps/Yelp
Summary : Help browser for the GNOME desktop
Description :
Yelp is the help browser for the GNOME desktop. It is designed
to help you browse all the documentation on your system in
one central tool, including traditional man pages, info pages and
documentation written in DocBook.
--------------------------------------------------------------------------------
Update Information:
Yelp 49.1, fixing: Flatpak applications are able to exfiltrate host files due to
yelp's CSP being too permissive
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 6 2026 Packit [hello@packit.dev] - 2:49.1-1
- Update to 49.1 upstream release
* Mon Mar 2 2026 Jan Grulich [jgrulich@redhat.com] - 2:49.0-5
- Packit: drop upstream_project_url and rely on release-monitoring only
* Wed Feb 25 2026 Jan Grulich [jgrulich@redhat.com] - 2:49.0-4
- Packit: drop fast_forward_merge_into as current stable branches diverge
* Tue Feb 24 2026 Jan Grulich [jgrulich@redhat.com] - 2:49.0-3
- Onboard to Packit for stable Fedora branches
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ed4f450fa9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: python-jupytext-1.19.1-4.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-301cbbe347
2026-05-17 01:26:47.130078+00:00
--------------------------------------------------------------------------------
Name : python-jupytext
Product : Fedora 44
Version : 1.19.1
Release : 4.fc44
URL : https://jupytext.readthedocs.io/
Summary : Save Jupyter notebooks as text documents or scripts
Description :
Have you always wished Jupyter notebooks were plain text documents? Wished
you could edit them in your favorite IDE? And get clear and meaningful diffs
when doing version control? Then... Jupytext may well be the tool you're
looking for!
Jupytext is a plugin for Jupyter that can save Jupyter notebooks as
- Markdown files (or MyST Markdown files, or R Markdown or Quarto text
notebooks)
- Scripts in many languages.
Common use cases for Jupytext are:
- Doing version control on Jupyter Notebooks
- Editing, merging or refactoring notebooks in your favorite text editor
- Applying Q&A checks on notebooks.
--------------------------------------------------------------------------------
Update Information:
This update contains upgrades to various npm packages used during the build to
address CVEs, namely:
CVE-2025-69873 (ajv)
CVE-2026-0540 (DOMPurify)
CVE-2026-3449 (@tootallnate/once)
CVE-2026-4800 (lodash)
CVE-2026-6321 (fast-uri)
CVE-2026-41240 (DOMPurify)
This is probably unimportant since these packages are used at build-time only.
They are not shipped with python3-jupytext and therefore do not affect runtime.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 7 2026 Jerry James [loganjerry@gmail.com] - 1.19.1-4
- Update various npm components used in the build
- Fix CVE-2025-69873: update ajv to 6.15.0/8.20.0
- Fix CVE-2026-0540 and CVE-2026-41240: update DOMPurify to 3.4.2
- Fix CVE-2026-3449: update @tootallnate/once to 3.0.1
- Fix CVE-2026-4800: update lodash to 4.18.1
- Fix CVE-2026-6321: update fast-uri to 3.1.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2444210 - CVE-2026-3449 python-jupytext: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444210
[ 2 ] Bug #2444288 - CVE-2026-0540 python-jupytext: DOMPurify: Cross-site scripting vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444288
[ 3 ] Bug #2454050 - CVE-2026-4800 python-jupytext: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454050
[ 4 ] Bug #2463432 - CVE-2026-41240 python-jupytext: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2463432
[ 5 ] Bug #2466943 - CVE-2026-6321 python-jupytext: fast-uri: Path traversal vulnerability allows bypass of security policies [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2466943
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-301cbbe347' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: libgit2_1.8-1.8.5-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bb6bb5d1e4
2026-05-17 01:05:24.299228+00:00
--------------------------------------------------------------------------------
Name : libgit2_1.8
Product : Fedora 42
Version : 1.8.5
Release : 1.fc42
URL : https://libgit2.org/
Summary : C implementation of the Git core methods as a library with a solid API
Description :
libgit2 is a portable, pure C implementation of the Git core methods
provided as a re-entrant linkable library with a solid API, allowing
you to write native speed custom Git applications in any language
with bindings.
--------------------------------------------------------------------------------
Update Information:
Update to version 1.8.5.
Release notes: https://github.com/libgit2/libgit2/releases/tag/v1.8.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 6 2026 Fabio Valentini [decathorpe@gmail.com] - 1.8.5-1
- Update to version 1.8.5
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.8.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.8.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun May 18 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.8.4-3
- Rebuilt for llhttp 9.3.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bb6bb5d1e4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: python-jupytext-1.19.1-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-793b55138d
2026-05-17 01:05:24.299184+00:00
--------------------------------------------------------------------------------
Name : python-jupytext
Product : Fedora 42
Version : 1.19.1
Release : 4.fc42
URL : https://jupytext.readthedocs.io/
Summary : Save Jupyter notebooks as text documents or scripts
Description :
Have you always wished Jupyter notebooks were plain text documents? Wished
you could edit them in your favorite IDE? And get clear and meaningful diffs
when doing version control? Then... Jupytext may well be the tool you're
looking for!
Jupytext is a plugin for Jupyter that can save Jupyter notebooks as
- Markdown files (or MyST Markdown files, or R Markdown or Quarto text
notebooks)
- Scripts in many languages.
Common use cases for Jupytext are:
- Doing version control on Jupyter Notebooks
- Editing, merging or refactoring notebooks in your favorite text editor
- Applying Q&A checks on notebooks.
--------------------------------------------------------------------------------
Update Information:
This update contains upgrades to various npm packages used during the build to
address CVEs, namely:
CVE-2025-69873 (ajv)
CVE-2026-0540 (DOMPurify)
CVE-2026-3449 (@tootallnate/once)
CVE-2026-4800 (lodash)
CVE-2026-6321 (fast-uri)
CVE-2026-41240 (DOMPurify)
This is probably unimportant since these packages are used at build-time only.
They are not shipped with python3-jupytext and therefore do not affect runtime.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 8 2026 Jerry James [loganjerry@gmail.com] - 1.19.1-4
- Update various npm components used in the build
- Fix CVE-2025-69873: update ajv to 6.15.0/8.20.0
- Fix CVE-2026-0540 and CVE-2026-41240: update DOMPurify to 3.4.2
- Fix CVE-2026-3449: update @tootallnate/once to 3.0.1
- Fix CVE-2026-4800: update lodash to 4.18.1
- Fix CVE-2026-6321: update fast-uri to 3.1.2
* Fri May 8 2026 Jerry James [loganjerry@gmail.com] - 1.19.1-3
- Permit building with any version of nodejs
* Fri May 8 2026 Jerry James [loganjerry@gmail.com] - 1.19.1-2
- Adapt to nodejs24
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2439389 - CVE-2025-69873 python-jupytext: ReDoS via $data reference [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2439389
[ 2 ] Bug #2444210 - CVE-2026-3449 python-jupytext: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444210
[ 3 ] Bug #2444288 - CVE-2026-0540 python-jupytext: DOMPurify: Cross-site scripting vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444288
[ 4 ] Bug #2454050 - CVE-2026-4800 python-jupytext: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454050
[ 5 ] Bug #2463432 - CVE-2026-41240 python-jupytext: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2463432
[ 6 ] Bug #2466943 - CVE-2026-6321 python-jupytext: fast-uri: Path traversal vulnerability allows bypass of security policies [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2466943
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-793b55138d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: pypy-7.3.22-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3505a95524
2026-05-17 00:48:46.610623+00:00
--------------------------------------------------------------------------------
Name : pypy
Product : Fedora 43
Version : 7.3.22
Release : 2.fc43
URL : https://www.pypy.org/
Summary : Python implementation with a Just-In-Time compiler
Description :
PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU
architectures, and various optimized implementations of the standard types
(strings, dictionaries, etc)
This build of PyPy has JIT-compilation enabled.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-3219 in the bundled pip wheel
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 5 2026 Charalampos Stratakis [cstratak@redhat.com] - 7.3.22-2
- Security fix for CVE-2026-3219 in the bundled pip wheel
- Fixes: rhbz#2461288
* Tue May 5 2026 Charalampos Stratakis [cstratak@redhat.com] - 7.3.22-1
- Update to 7.3.22
- Fixes: rhbz#2463475
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2461288 - CVE-2026-3219 pypy: pip: Incorrect file installation due to improper archive handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2461288
[ 2 ] Bug #2463475 - pypy-7.3.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2463475
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3505a95524' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: yelp-49.1-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7c3b91a2bc
2026-05-17 00:48:46.610603+00:00
--------------------------------------------------------------------------------
Name : yelp
Product : Fedora 43
Version : 49.1
Release : 1.fc43
URL : https://wiki.gnome.org/Apps/Yelp
Summary : Help browser for the GNOME desktop
Description :
Yelp is the help browser for the GNOME desktop. It is designed
to help you browse all the documentation on your system in
one central tool, including traditional man pages, info pages and
documentation written in DocBook.
--------------------------------------------------------------------------------
Update Information:
Yelp 49.1, fixing: Flatpak applications are able to exfiltrate host files due to
yelp's CSP being too permissive
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 6 2026 Packit [hello@packit.dev] - 2:49.1-1
- Update to 49.1 upstream release
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7c3b91a2bc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: libgit2_1.8-1.8.5-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7b1d032de7
2026-05-17 00:48:46.610610+00:00
--------------------------------------------------------------------------------
Name : libgit2_1.8
Product : Fedora 43
Version : 1.8.5
Release : 1.fc43
URL : https://libgit2.org/
Summary : C implementation of the Git core methods as a library with a solid API
Description :
libgit2 is a portable, pure C implementation of the Git core methods
provided as a re-entrant linkable library with a solid API, allowing
you to write native speed custom Git applications in any language
with bindings.
--------------------------------------------------------------------------------
Update Information:
Update to version 1.8.5.
Release notes: https://github.com/libgit2/libgit2/releases/tag/v1.8.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 6 2026 Fabio Valentini [decathorpe@gmail.com] - 1.8.5-1
- Update to version 1.8.5
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.8.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7b1d032de7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python-jupytext-1.19.1-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-85b819b928
2026-05-17 00:48:46.610569+00:00
--------------------------------------------------------------------------------
Name : python-jupytext
Product : Fedora 43
Version : 1.19.1
Release : 4.fc43
URL : https://jupytext.readthedocs.io/
Summary : Save Jupyter notebooks as text documents or scripts
Description :
Have you always wished Jupyter notebooks were plain text documents? Wished
you could edit them in your favorite IDE? And get clear and meaningful diffs
when doing version control? Then... Jupytext may well be the tool you're
looking for!
Jupytext is a plugin for Jupyter that can save Jupyter notebooks as
- Markdown files (or MyST Markdown files, or R Markdown or Quarto text
notebooks)
- Scripts in many languages.
Common use cases for Jupytext are:
- Doing version control on Jupyter Notebooks
- Editing, merging or refactoring notebooks in your favorite text editor
- Applying Q&A checks on notebooks.
--------------------------------------------------------------------------------
Update Information:
This update contains upgrades to various npm packages used during the build to
address CVEs, namely:
CVE-2025-69873 (ajv)
CVE-2026-0540 (DOMPurify)
CVE-2026-3449 (@tootallnate/once)
CVE-2026-4800 (lodash)
CVE-2026-6321 (fast-uri)
CVE-2026-41240 (DOMPurify)
This is probably unimportant since these packages are used at build-time only.
They are not shipped with python3-jupytext and therefore do not affect runtime.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 8 2026 Jerry James [loganjerry@gmail.com] - 1.19.1-4
- Update various npm components used in the build
- Fix CVE-2025-69873: update ajv to 6.15.0/8.20.0
- Fix CVE-2026-0540 and CVE-2026-41240: update DOMPurify to 3.4.2
- Fix CVE-2026-3449: update @tootallnate/once to 3.0.1
- Fix CVE-2026-4800: update lodash to 4.18.1
- Fix CVE-2026-6321: update fast-uri to 3.1.2
* Fri May 8 2026 Jerry James [loganjerry@gmail.com] - 1.19.1-3
- Permit building with any version of nodejs
* Fri May 8 2026 Jerry James [loganjerry@gmail.com] - 1.19.1-2
- Adapt to nodejs24
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2439408 - CVE-2025-69873 python-jupytext: ReDoS via $data reference [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2439408
[ 2 ] Bug #2444210 - CVE-2026-3449 python-jupytext: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444210
[ 3 ] Bug #2444288 - CVE-2026-0540 python-jupytext: DOMPurify: Cross-site scripting vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444288
[ 4 ] Bug #2454050 - CVE-2026-4800 python-jupytext: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454050
[ 5 ] Bug #2463432 - CVE-2026-41240 python-jupytext: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2463432
[ 6 ] Bug #2466943 - CVE-2026-6321 python-jupytext: fast-uri: Path traversal vulnerability allows bypass of security policies [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2466943
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-85b819b928' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
