Fedora 44 Update: python3.14-3.14.3-2.fc44
Fedora 44 Update: insight-18.0.50.20260306-2.fc44
Fedora 44 Update: rust-scx_rusty-0.5.4-8.fc44
Fedora 44 Update: rust-scx_rustland-0.0.3-8.fc44
Fedora 44 Update: rust-scx_layered-0.0.6-8.fc44
Fedora 44 Update: rust-resctl-bench-2.2.5-12.fc44
Fedora 44 Update: cpp-httplib-0.38.0-1.fc44
Fedora 42 Update: xen-4.19.5-1.fc42
Fedora 42 Update: insight-18.0.50.20260306-2.fc42
Fedora 42 Update: firefox-149.0-4.fc42
Fedora 42 Update: rust-resctl-bench-2.2.5-12.fc42
Fedora 42 Update: rust-cargo-vendor-filterer-0.5.18-4.fc42
Fedora 42 Update: cpp-httplib-0.37.2-1.fc42
Fedora 42 Update: rust-cargo-rpmstatus-0.2.4-3.fc42
Fedora 43 Update: python-gstreamer1-1.26.11-1.fc43
Fedora 43 Update: gstreamer1-vaapi-1.26.11-1.fc43
Fedora 43 Update: gstreamer1-rtsp-server-1.26.11-1.fc43
Fedora 43 Update: gstreamer1-plugins-bad-free-1.26.11-1.fc43
Fedora 43 Update: gstreamer1-plugins-ugly-free-1.26.11-1.fc43
Fedora 43 Update: gstreamer1-doc-1.26.11-1.fc43
Fedora 43 Update: gstreamer1-1.26.11-1.fc43
Fedora 43 Update: gst-editing-services-1.26.11-1.fc43
Fedora 43 Update: gst-devtools-1.26.11-1.fc43
Fedora 43 Update: gstreamer1-plugins-good-1.26.11-1.fc43
Fedora 43 Update: gstreamer1-plugins-base-1.26.11-1.fc43
Fedora 43 Update: gstreamer1-plugin-libav-1.26.11-1.fc43
Fedora 43 Update: rust-1.94.1-1.fc43
Fedora 43 Update: insight-18.0.50.20260306-2.fc43
Fedora 43 Update: freerdp-3.24.2-1.fc43
Fedora 43 Update: rust-resctl-bench-2.2.5-12.fc43
Fedora 43 Update: chunkah-0.3.2-1.fc43
Fedora 43 Update: cpp-httplib-0.38.0-1.fc43
Fedora 43 Update: rust-cargo-vendor-filterer-0.5.18-4.fc43
[SECURITY] Fedora 44 Update: python3.14-3.14.3-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3d7ea476e1
2026-03-31 14:46:13.737884+00:00
--------------------------------------------------------------------------------
Name : python3.14
Product : Fedora 44
Version : 3.14.3
Release : 2.fc44
URL : https://www.python.org/
Summary : Version 3.14 of the Python interpreter
Description :
Python 3.14 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-4519
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.14.3-2
- Security fix for CVE-2026-4519 (rhbz#2449730)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449730 - CVE-2026-4519 python3.14: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449730
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3d7ea476e1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: insight-18.0.50.20260306-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d79ba951dd
2026-03-31 14:46:13.737844+00:00
--------------------------------------------------------------------------------
Name : insight
Product : Fedora 44
Version : 18.0.50.20260306
Release : 2.fc44
URL : https://www.sourceware.org/insight/
Summary : Graphical debugger based on GDB
Description :
Insight is a tight graphical user interface to GDB written in Tcl/Tk.
It provides a comprehensive interface that enables users to harness
most of GDB's power. It's also probably the only up-to-date UI for
the latest GDB version.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2026-4647.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Patrick Monnerat [patrick@monnerat.net] 18.0.50.20260306-2
- Patch "cve-2026-4647" to fix CVE-2026-4647.
https://bugzilla.redhat.com/show_bug.cgi?id=2450318
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2450318 - CVE-2026-4647 insight: Out-of-Bounds Read in XCOFF Relocation Processing in GNU Binutils BFD Library [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2450318
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d79ba951dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: rust-scx_rusty-0.5.4-8.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2d77e9f2c0
2026-03-31 14:46:13.737867+00:00
--------------------------------------------------------------------------------
Name : rust-scx_rusty
Product : Fedora 44
Version : 0.5.4
Release : 8.fc44
URL : https://crates.io/crates/scx_rusty
Summary : A multi-domain, BPF / user space hybrid scheduler
Description :
A multi-domain, BPF / user space hybrid scheduler used within sched_ext,
which is a Linux kernel feature which enables implementing kernel thread
schedulers in BPF and dynamically loading them.
https://github.com/sched-ext/scx/tree/main
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.4-8
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
- Update License based on a current Rawhide build
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2d77e9f2c0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: rust-scx_rustland-0.0.3-8.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4bf6df19ae
2026-03-31 14:46:13.737863+00:00
--------------------------------------------------------------------------------
Name : rust-scx_rustland
Product : Fedora 44
Version : 0.0.3
Release : 8.fc44
URL : https://crates.io/crates/scx_rustland
Summary : A simple user-space scheduler written in Rust
Description :
A BPF component (dispatcher) that implements the low level
sched-ext functionalities and a user-space counterpart (scheduler),
written in Rust, that implements the actual scheduling policy.
This is used within sched_ext, which is a Linux kernel feature
which enables implementing kernel thread schedulers in BPF and
dynamically loading them.
https://github.com/sched-ext/scx/tree/main
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.3-8
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
- Update License based on a current Rawhide build
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4bf6df19ae' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: rust-scx_layered-0.0.6-8.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-27e6e0b664
2026-03-31 14:46:13.737860+00:00
--------------------------------------------------------------------------------
Name : rust-scx_layered
Product : Fedora 44
Version : 0.0.6
Release : 8.fc44
URL : https://crates.io/crates/scx_layered
Summary : Configurable multi-layer BPF / user space hybrid scheduler
Description :
A highly configurable multi-layer BPF / user space hybrid scheduler
used within sched_ext, which is a Linux kernel feature which enables
implementing kernel thread schedulers in BPF and dynamically loading
them. https://github.com/sched-ext/scx/tree/main
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.6-8
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
- Update License expression based on a current Rawhide build
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-27e6e0b664' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: rust-resctl-bench-2.2.5-12.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-12baf239f8
2026-03-31 14:46:13.737777+00:00
--------------------------------------------------------------------------------
Name : rust-resctl-bench
Product : Fedora 44
Version : 2.2.5
Release : 12.fc44
URL : https://crates.io/crates/resctl-bench
Summary : Whole system resource control benchmarks with realistic scenarios
Description :
resctl-bench is a collection of whole-system benchmarks to evaluate resource
control and hardware behaviors using realistic simulated workloads.
Comprehensive resource control involves the whole system. Furthermore, testing
resource control end-to-end requires scenarios involving realistic workloads
and monitoring their interactions. The combination makes benchmarking resource
control challenging and error-prone. It's easy to slip up on a configuration
and testing with real workloads can be tedious and unreliable.
resctl-bench encapsulates the whole process so that resource control benchmarks
can be performed easily and reliably. It verifies and updates system
configurations, reproduces resource contention scenarios with a realistic
latency-sensitive workload simulator and other secondary workloads, analyzes
the resulting system and workload behaviors, and generates easily
understandable reports.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 2.2.5-12
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
- Updated the License expression
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 2.2.5-11
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2450241 - rust-resctl-bench: tar-rs: Arbitrary directory permission modification via crafted tar archive
https://bugzilla.redhat.com/show_bug.cgi?id=2450241
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-12baf239f8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: cpp-httplib-0.38.0-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-03599f0b32
2026-03-31 14:46:13.737745+00:00
--------------------------------------------------------------------------------
Name : cpp-httplib
Product : Fedora 44
Version : 0.38.0
Release : 1.fc44
URL : https://github.com/yhirose/cpp-httplib
Summary : A C++11 single-file header-only cross platform HTTP/HTTPS library
Description :
A C++11 single-file header-only cross platform HTTP/HTTPS library.
It's extremely easy to setup. Just include the httplib.h file in your code!
--------------------------------------------------------------------------------
Update Information:
Update to 0.38.0 (rhbz#2447261)
Filename sanitization for path traversal prevention ??? Added sanitize_filename()
to prevent path traversal attacks via malicious filenames in multipart uploads
(83e98a2)
Symlink protection in static file server ??? Static file serving now detects and
rejects symlinks that point outside the mount directory, preventing symlink-
based directory traversal (f787f31)
Brotli compression support ??? Added Brotli (br) as a supported content encoding
alongside gzip and deflate (ec1ffbc)
Accept-Encoding quality parameter parsing ??? The server now parses q= quality
values in the Accept-Encoding header and selects the best encoding accordingly
(bb7c7ab)
SSL proxy connection support ??? SSLClient can now establish connections through
HTTPS proxies, with a new setup_proxy_connection method for cleaner proxy
handling (f6ed5fc, b1bb2b7)
WebSocket ping interval runtime configuration ??? WebSocket ping interval can now
be configured at runtime instead of only at compile time (257b266)
Benchmark test suite ??? Added benchmark tests and configurations for performance
evaluation (ba0d0b8)
Unicode path component decoding tests ??? Added test coverage for Unicode
characters in decode_path_component (43a54a3)
Documentation updates ??? Enhanced TLS backend documentation with platform-
specific certificate handling details; clarified progress callback usage and
user data handling in examples (511e3ef, 2e61fd3)
Fix port conflict in test ??? Fixed port number in
OpenStreamMalformedContentLength test to avoid conflicts (4978f26)
Removed large data tests for GzipDecompressor and SSLClientServerTest that
caused memory issues (5ecba74, 69d468f)
Enabled BindDualStack test (69d468f)
Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.38.0
Fixes silent TLS certificate verification bypass on HTTPS Redirect via
proxy (CVE-2026-32627, rhbz#2448105)
Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 17 2026 Petr Men????k [pemensik@redhat.com] - 0.38.0-1
- Update to 0.38.0 (rhbz#2447261)
* Tue Mar 17 2026 Petr Men????k [pemensik@redhat.com] - 0.37.2-1
- Update to 0.37.2
- Fixes silent TLS certificate verification bypass on HTTPS Redirect via
proxy (CVE-2026-32627, rhbz#2448105)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2447261 - cpp-httplib-0.38.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447261
[ 2 ] Bug #2448105 - CVE-2026-32627 cpp-httplib: silent TLS certificate verification bypass on HTTPS Redirect via proxy [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-03599f0b32' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: xen-4.19.5-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f04da48123
2026-04-01 01:08:42.227745+00:00
--------------------------------------------------------------------------------
Name : xen
Product : Fedora 42
Version : 4.19.5
Release : 1.fc42
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor
--------------------------------------------------------------------------------
Update Information:
update to xen 4.19.5
Use after free of paging structures in EPT [XSA-480, CVE-2026-23554]
Xenstored DoS by unprivileged domain [XSA-481, CVE-2026-23555]
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 27 2026 Michael Young [m.a.young@durham.ac.uk] - 4.19.5-1
- update to xen 4.19.5
remove patches now included or superceded upstream
* Wed Mar 18 2026 Michael Young [m.a.young@durham.ac.uk] - 4.19.4-3
- Use after free of paging structures in EPT [XSA-480, CVE-2026-23554]
- Xenstored DoS by unprivileged domain [XSA-481, CVE-2026-23555]
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2450273 - CVE-2026-23554 xen: Xen: Information disclosure and potential privilege escalation via use-after-free in EPT paging [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2450273
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f04da48123' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: insight-18.0.50.20260306-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-62cea4650e
2026-04-01 01:08:42.227712+00:00
--------------------------------------------------------------------------------
Name : insight
Product : Fedora 42
Version : 18.0.50.20260306
Release : 2.fc42
URL : https://www.sourceware.org/insight/
Summary : Graphical debugger based on GDB
Description :
Insight is a tight graphical user interface to GDB written in Tcl/Tk.
It provides a comprehensive interface that enables users to harness
most of GDB's power. It's also probably the only up-to-date UI for
the latest GDB version.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2026-4647.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Patrick Monnerat [patrick@monnerat.net] 18.0.50.20260306-2
- Patch "cve-2026-4647" to fix CVE-2026-4647.
https://bugzilla.redhat.com/show_bug.cgi?id=2450318
- Always use Tcl/Tk version 9.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2450318 - CVE-2026-4647 insight: Out-of-Bounds Read in XCOFF Relocation Processing in GNU Binutils BFD Library [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2450318
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-62cea4650e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: firefox-149.0-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a026a1b0c5
2026-04-01 01:08:42.227737+00:00
--------------------------------------------------------------------------------
Name : firefox
Product : Fedora 42
Version : 149.0
Release : 4.fc42
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
--------------------------------------------------------------------------------
Update Information:
Fix blurry popups on some fraction scales (mzbz#2019668)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 25 2026 Martin Stransky [stransky@redhat.com] - 149.0-4
- Add fix for mzbz#2019668 - blurry popups on fractional scales
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a026a1b0c5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rust-resctl-bench-2.2.5-12.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dd42661781
2026-04-01 01:08:42.227699+00:00
--------------------------------------------------------------------------------
Name : rust-resctl-bench
Product : Fedora 42
Version : 2.2.5
Release : 12.fc42
URL : https://crates.io/crates/resctl-bench
Summary : Whole system resource control benchmarks with realistic scenarios
Description :
resctl-bench is a collection of whole-system benchmarks to evaluate resource
control and hardware behaviors using realistic simulated workloads.
Comprehensive resource control involves the whole system. Furthermore, testing
resource control end-to-end requires scenarios involving realistic workloads
and monitoring their interactions. The combination makes benchmarking resource
control challenging and error-prone. It's easy to slip up on a configuration
and testing with real workloads can be tedious and unreliable.
resctl-bench encapsulates the whole process so that resource control benchmarks
can be performed easily and reliably. It verifies and updates system
configurations, reproduces resource contention scenarios with a realistic
latency-sensitive workload simulator and other secondary workloads, analyzes
the resulting system and workload behaviors, and generates easily
understandable reports.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 2.2.5-12
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
- Updated the License expression
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 2.2.5-11
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2450241 - rust-resctl-bench: tar-rs: Arbitrary directory permission modification via crafted tar archive
https://bugzilla.redhat.com/show_bug.cgi?id=2450241
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dd42661781' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rust-cargo-vendor-filterer-0.5.18-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1a04e4e1ed
2026-04-01 01:08:42.227669+00:00
--------------------------------------------------------------------------------
Name : rust-cargo-vendor-filterer
Product : Fedora 42
Version : 0.5.18
Release : 4.fc42
URL : https://crates.io/crates/cargo-vendor-filterer
Summary : Cargo vendor, but with filtering for platforms and more
Description :
`cargo vendor`, but with filtering for platforms and more.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.18-4
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
- Updated the License expression based on a current Rawhide build
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.5.18-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1a04e4e1ed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: cpp-httplib-0.37.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-04a531cece
2026-04-01 01:08:42.227682+00:00
--------------------------------------------------------------------------------
Name : cpp-httplib
Product : Fedora 42
Version : 0.37.2
Release : 1.fc42
URL : https://github.com/yhirose/cpp-httplib
Summary : A C++11 single-file header-only cross platform HTTP/HTTPS library
Description :
A C++11 single-file header-only cross platform HTTP/HTTPS library.
It's extremely easy to setup. Just include the httplib.h file in your code!
--------------------------------------------------------------------------------
Update Information:
Update to 0.37.2
Fixes silent TLS certificate verification bypass on HTTPS Redirect via
proxy (CVE-2026-32627, rhbz#2448105)
Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 17 2026 Petr Men????k [pemensik@redhat.com] - 0.37.2-1
- Update to 0.37.2
- Fixes silent TLS certificate verification bypass on HTTPS Redirect via
proxy (CVE-2026-32627, rhbz#2448105)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2448105 - CVE-2026-32627 cpp-httplib: silent TLS certificate verification bypass on HTTPS Redirect via proxy [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-04a531cece' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: rust-cargo-rpmstatus-0.2.4-3.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-433d51e09b
2026-04-01 01:08:42.227661+00:00
--------------------------------------------------------------------------------
Name : rust-cargo-rpmstatus
Product : Fedora 42
Version : 0.2.4
Release : 3.fc42
URL : https://crates.io/crates/cargo-rpmstatus
Summary : Cargo-tree for RPM packaging
Description :
Cargo-tree for RPM packaging.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.2.4-3
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
- Fixes RHBZ#2423511
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.2.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-433d51e09b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python-gstreamer1-1.26.11-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e77ad9d792
2026-04-01 00:56:24.864678+00:00
--------------------------------------------------------------------------------
Name : python-gstreamer1
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : http://gstreamer.freedesktop.org/
Summary : Python bindings for GStreamer
Description :
This module contains PyGObject overrides to make it easier to write
applications that use GStreamer 1.x in Python.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e77ad9d792' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: gstreamer1-vaapi-1.26.11-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e77ad9d792
2026-04-01 00:56:24.864678+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-vaapi
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : https://cgit.freedesktop.org/gstreamer/gstreamer-vaapi
Summary : GStreamer plugins to use VA API video acceleration
Description :
A collection of GStreamer plugins to let you make use of VA API video
acceleration from GStreamer applications.
Includes elements for video decoding, display, encoding and post-processing
using VA API (subject to hardware limitations).
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e77ad9d792' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: gstreamer1-rtsp-server-1.26.11-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e77ad9d792
2026-04-01 00:56:24.864678+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-rtsp-server
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : http://gstreamer.freedesktop.org/
Summary : GStreamer RTSP server library
Description :
A GStreamer-based RTSP server library.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e77ad9d792' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: gstreamer1-plugins-bad-free-1.26.11-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e77ad9d792
2026-04-01 00:56:24.864678+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-plugins-bad-free
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : http://gstreamer.freedesktop.org/
Summary : GStreamer streaming media framework "bad" plugins
Description :
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.
This package contains plug-ins that aren't tested well enough, or the code
is not of good enough quality.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
* Mon Feb 16 2026 Marcin Juszkiewicz [mjuszkiewicz@redhat.com] - 1.26.10-2
- Disable onnx on riscv64 port
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e77ad9d792' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: gstreamer1-plugins-ugly-free-1.26.11-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e77ad9d792
2026-04-01 00:56:24.864678+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-plugins-ugly-free
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : http://gstreamer.freedesktop.org/
Summary : GStreamer streaming media framework "ugly" plugins
Description :
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.
This package contains plug-ins whose license is not fully compatible with LGPL.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e77ad9d792' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: gstreamer1-doc-1.26.11-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e77ad9d792
2026-04-01 00:56:24.864678+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-doc
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : http://gstreamer.freedesktop.org/
Summary : GStreamer documentation
Description :
GStreamer documentation.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e77ad9d792' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: gstreamer1-1.26.11-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e77ad9d792
2026-04-01 00:56:24.864678+00:00
--------------------------------------------------------------------------------
Name : gstreamer1
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : http://gstreamer.freedesktop.org/
Summary : GStreamer streaming media framework runtime
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plugins.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e77ad9d792' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: gst-editing-services-1.26.11-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e77ad9d792
2026-04-01 00:56:24.864678+00:00
--------------------------------------------------------------------------------
Name : gst-editing-services
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : http://cgit.freedesktop.org/gstreamer/gst-editing-services/
Summary : Gstreamer editing services
Description :
This is a high-level library for facilitating the creation of audio/video
non-linear editors.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e77ad9d792' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: gst-devtools-1.26.11-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e77ad9d792
2026-04-01 00:56:24.864678+00:00
--------------------------------------------------------------------------------
Name : gst-devtools
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : https://gstreamer.freedesktop.org/src/gst-devtools
Summary : Development and debugging tools for GStreamer
Description :
Development and debugging tools for GStreamer.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e77ad9d792' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: gstreamer1-plugins-good-1.26.11-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e77ad9d792
2026-04-01 00:56:24.864678+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-plugins-good
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : http://gstreamer.freedesktop.org/
Summary : GStreamer plugins with good code and licensing
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plugins.
GStreamer Good Plugins is a collection of well-supported plugins of
good quality and under the LGPL license.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e77ad9d792' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: gstreamer1-plugins-base-1.26.11-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e77ad9d792
2026-04-01 00:56:24.864678+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-plugins-base
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : http://gstreamer.freedesktop.org/
Summary : GStreamer streaming media framework base plugins
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plug-ins.
This package contains a set of well-maintained base plug-ins.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e77ad9d792' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: gstreamer1-plugin-libav-1.26.11-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e77ad9d792
2026-04-01 00:56:24.864678+00:00
--------------------------------------------------------------------------------
Name : gstreamer1-plugin-libav
Product : Fedora 43
Version : 1.26.11
Release : 1.fc43
URL : https://gstreamer.freedesktop.org/
Summary : GStreamer FFmpeg/LibAV plugin
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plugins.
This package provides FFmpeg/LibAV GStreamer plugin.
--------------------------------------------------------------------------------
Update Information:
1.26.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.26.11-1
- 1.26.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e77ad9d792' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-1.94.1-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-99de392ccb
2026-04-01 00:56:24.864673+00:00
--------------------------------------------------------------------------------
Name : rust
Product : Fedora 43
Version : 1.94.1
Release : 1.fc43
URL : https://www.rust-lang.org
Summary : The Rust Programming Language
Description :
Rust is a systems programming language that runs blazingly fast, prevents
segfaults, and guarantees thread safety.
This package includes the Rust compiler and documentation generator.
--------------------------------------------------------------------------------
Update Information:
Update to 1.94.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Paul Murphy [murp@redhat.com] - 1.94.1-1
- Update to Rust 1.94.1
* Tue Mar 17 2026 Jesus Checa Hidalgo [jchecahi@redhat.com] - 1.94.0-2
- Disable `package::publish_to_crates_io_warns` cargo test
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449686 - CVE-2026-33056 rust: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449686
[ 2 ] Bug #2451697 - rust-1.94.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451697
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-99de392ccb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: insight-18.0.50.20260306-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0b2e9c67ef
2026-04-01 00:56:24.864658+00:00
--------------------------------------------------------------------------------
Name : insight
Product : Fedora 43
Version : 18.0.50.20260306
Release : 2.fc43
URL : https://www.sourceware.org/insight/
Summary : Graphical debugger based on GDB
Description :
Insight is a tight graphical user interface to GDB written in Tcl/Tk.
It provides a comprehensive interface that enables users to harness
most of GDB's power. It's also probably the only up-to-date UI for
the latest GDB version.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2026-4647.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Patrick Monnerat [patrick@monnerat.net] 18.0.50.20260306-2
- Patch "cve-2026-4647" to fix CVE-2026-4647.
https://bugzilla.redhat.com/show_bug.cgi?id=2450318
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2450318 - CVE-2026-4647 insight: Out-of-Bounds Read in XCOFF Relocation Processing in GNU Binutils BFD Library [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2450318
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0b2e9c67ef' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: freerdp-3.24.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f6fe509803
2026-04-01 00:56:24.864665+00:00
--------------------------------------------------------------------------------
Name : freerdp
Product : Fedora 43
Version : 3.24.2
Release : 1.fc43
URL : http://www.freerdp.com/
Summary : Free implementation of the Remote Desktop Protocol (RDP)
Description :
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP
project.
xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.
--------------------------------------------------------------------------------
Update Information:
Update to 3.24.2
It fixes CVE-2026-33952, CVE-2026-33977, CVE-2026-33982, CVE-2026-33983,
CVE-2026-33984, CVE-2026-33985, CVE-2026-33986, CVE-2026-33987 and
CVE-2026-33995.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Ondrej Holy [oholy@redhat.com] - 2:3.24.2-1
- Update to 3.24.2 (CVE-2026-33952, CVE-2026-33977, CVE-2026-33982,
CVE-2026-33983, CVE-2026-33984, CVE-2026-33985, CVE-2026-33986,
CVE-2026-33987, CVE-2026-33995)
Resolves: rhbz#2448592
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f6fe509803' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-resctl-bench-2.2.5-12.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d7252cbfc9
2026-04-01 00:56:24.864648+00:00
--------------------------------------------------------------------------------
Name : rust-resctl-bench
Product : Fedora 43
Version : 2.2.5
Release : 12.fc43
URL : https://crates.io/crates/resctl-bench
Summary : Whole system resource control benchmarks with realistic scenarios
Description :
resctl-bench is a collection of whole-system benchmarks to evaluate resource
control and hardware behaviors using realistic simulated workloads.
Comprehensive resource control involves the whole system. Furthermore, testing
resource control end-to-end requires scenarios involving realistic workloads
and monitoring their interactions. The combination makes benchmarking resource
control challenging and error-prone. It's easy to slip up on a configuration
and testing with real workloads can be tedious and unreliable.
resctl-bench encapsulates the whole process so that resource control benchmarks
can be performed easily and reliably. It verifies and updates system
configurations, reproduces resource contention scenarios with a realistic
latency-sensitive workload simulator and other secondary workloads, analyzes
the resulting system and workload behaviors, and generates easily
understandable reports.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 2.2.5-12
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
- Updated the License expression
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 2.2.5-11
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2450241 - rust-resctl-bench: tar-rs: Arbitrary directory permission modification via crafted tar archive
https://bugzilla.redhat.com/show_bug.cgi?id=2450241
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d7252cbfc9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: chunkah-0.3.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1269948465
2026-04-01 00:56:24.864638+00:00
--------------------------------------------------------------------------------
Name : chunkah
Product : Fedora 43
Version : 0.3.2
Release : 1.fc43
URL : https://github.com/coreos/chunkah
Summary : OCI building tool for content-based container image layers
Description :
chunkah is an OCI building tool that takes a flat rootfs and outputs a
layered OCI image with content-based layers. It optimizes container image
layer reuse by grouping files based on their content (e.g., by RPM package)
rather than by Dockerfile instruction order.
It is a generalized successor to rpm-ostree's build-chunked-oci command.
--------------------------------------------------------------------------------
Update Information:
Automatic update for chunkah-0.3.2-1.fc43.
Changelog for chunkah
* Mon Mar 23 2026 Packit [hello@packit.dev] - 0.3.2-1
- Update to 0.3.2 upstream release
* Fri Mar 20 2026 Packit [hello@packit.dev] - 0.3.1-1
- Update to 0.3.1 upstream release
Automatic update for chunkah-0.3.1-1.fc43.
Changelog for chunkah
* Fri Mar 20 2026 Packit [hello@packit.dev] - 0.3.1-1
- Update to 0.3.1 upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Packit [hello@packit.dev] - 0.3.2-1
- Update to 0.3.2 upstream release
* Fri Mar 20 2026 Packit [hello@packit.dev] - 0.3.1-1
- Update to 0.3.1 upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449673 - CVE-2026-33056 chunkah: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449673
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1269948465' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: cpp-httplib-0.38.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e76feaf213
2026-04-01 00:56:24.864633+00:00
--------------------------------------------------------------------------------
Name : cpp-httplib
Product : Fedora 43
Version : 0.38.0
Release : 1.fc43
URL : https://github.com/yhirose/cpp-httplib
Summary : A C++11 single-file header-only cross platform HTTP/HTTPS library
Description :
A C++11 single-file header-only cross platform HTTP/HTTPS library.
It's extremely easy to setup. Just include the httplib.h file in your code!
--------------------------------------------------------------------------------
Update Information:
Update to 0.38.0 (rhbz#2447261)
Filename sanitization for path traversal prevention ??? Added sanitize_filename()
to prevent path traversal attacks via malicious filenames in multipart uploads
(83e98a2)
Symlink protection in static file server ??? Static file serving now detects and
rejects symlinks that point outside the mount directory, preventing symlink-
based directory traversal (f787f31)
Brotli compression support ??? Added Brotli (br) as a supported content encoding
alongside gzip and deflate (ec1ffbc)
Accept-Encoding quality parameter parsing ??? The server now parses q= quality
values in the Accept-Encoding header and selects the best encoding accordingly
(bb7c7ab)
SSL proxy connection support ??? SSLClient can now establish connections through
HTTPS proxies, with a new setup_proxy_connection method for cleaner proxy
handling (f6ed5fc, b1bb2b7)
WebSocket ping interval runtime configuration ??? WebSocket ping interval can now
be configured at runtime instead of only at compile time (257b266)
Benchmark test suite ??? Added benchmark tests and configurations for performance
evaluation (ba0d0b8)
Unicode path component decoding tests ??? Added test coverage for Unicode
characters in decode_path_component (43a54a3)
Documentation updates ??? Enhanced TLS backend documentation with platform-
specific certificate handling details; clarified progress callback usage and
user data handling in examples (511e3ef, 2e61fd3)
Fix port conflict in test ??? Fixed port number in
OpenStreamMalformedContentLength test to avoid conflicts (4978f26)
Removed large data tests for GzipDecompressor and SSLClientServerTest that
caused memory issues (5ecba74, 69d468f)
Enabled BindDualStack test (69d468f)
Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.38.0
Fixes silent TLS certificate verification bypass on HTTPS Redirect via
proxy (CVE-2026-32627, rhbz#2448105)
Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 17 2026 Petr Men????k [pemensik@redhat.com] - 0.38.0-1
- Update to 0.38.0 (rhbz#2447261)
* Tue Mar 17 2026 Petr Men????k [pemensik@redhat.com] - 0.37.2-1
- Update to 0.37.2
- Fixes silent TLS certificate verification bypass on HTTPS Redirect via
proxy (CVE-2026-32627, rhbz#2448105)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2447261 - cpp-httplib-0.38.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447261
[ 2 ] Bug #2448105 - CVE-2026-32627 cpp-httplib: silent TLS certificate verification bypass on HTTPS Redirect via proxy [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e76feaf213' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: rust-cargo-vendor-filterer-0.5.18-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f0710d7a56
2026-04-01 00:56:24.864624+00:00
--------------------------------------------------------------------------------
Name : rust-cargo-vendor-filterer
Product : Fedora 43
Version : 0.5.18
Release : 4.fc43
URL : https://crates.io/crates/cargo-vendor-filterer
Summary : Cargo vendor, but with filtering for platforms and more
Description :
`cargo vendor`, but with filtering for platforms and more.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.18-4
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
- Updated the License expression based on a current Rawhide build
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.5.18-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f0710d7a56' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
