Fedora 42 Update: python3.6-3.6.15-55.fc42
Fedora 42 Update: python3.11-3.11.15-2.fc42
Fedora 42 Update: rust-ingredients-0.2.2-3.fc42
Fedora 42 Update: rust-cargo-c-0.10.19-2.fc42
Fedora 42 Update: rustup-1.29.0-2.fc42
Fedora 42 Update: rust-sequoia-chameleon-gnupg-0.13.1-11.fc42
Fedora 42 Update: rust-pty-process-0.5.3-1.fc42
Fedora 42 Update: uv-0.10.12-1.fc42
Fedora 42 Update: rust-nix-0.31.2-1.fc42
Fedora 42 Update: rust-tar-0.4.45-1.fc42
Fedora 42 Update: python-fastar-0.8.0-4.fc42
Fedora 42 Update: maturin-1.9.6-4.fc42
Fedora 42 Update: rust-astral-tokio-tar-0.6.0-1.fc42
Fedora 42 Update: python-uv-build-0.10.12-1.fc42
Fedora 43 Update: python3.6-3.6.15-55.fc43
Fedora 43 Update: python3.11-3.11.15-2.fc43
Fedora 43 Update: python-ply-3.11-33.fc43
Fedora 43 Update: python3.13-3.13.12-2.fc43
Fedora 43 Update: bind-dyndb-ldap-11.11-11.fc43
Fedora 43 Update: bind-9.18.47-1.fc43
Fedora 43 Update: chromium-146.0.7680.164-1.fc43
Fedora 43 Update: rust-cargo-c-0.10.19-2.fc43
Fedora 43 Update: rust-ingredients-0.2.2-3.fc43
Fedora 43 Update: rustup-1.29.0-2.fc43
Fedora 43 Update: pypy3.10-7.3.19-11.3.10.fc43
Fedora 43 Update: pypy-7.3.21-3.fc43
Fedora 43 Update: rust-sequoia-chameleon-gnupg-0.13.1-11.fc43
Fedora 43 Update: rust-pty-process-0.5.3-1.fc43
Fedora 44 Update: python3.6-3.6.15-55.fc44
Fedora 44 Update: python3.11-3.11.15-2.fc44
Fedora 44 Update: python3.13-3.13.12-2.fc44
Fedora 44 Update: python-ply-3.11-33.fc44
Fedora 44 Update: rust-ingredients-0.2.2-3.fc44
Fedora 44 Update: rust-cargo-c-0.10.19-2.fc44
Fedora 44 Update: rustup-1.29.0-2.fc44
Fedora 44 Update: pypy3.10-7.3.19-11.3.10.fc44
Fedora 44 Update: pypy-7.3.21-3.fc44
Fedora 44 Update: rust-pty-process-0.5.3-1.fc44
Fedora 44 Update: rust-sequoia-chameleon-gnupg-0.13.1-11.fc44
[SECURITY] Fedora 42 Update: python3.6-3.6.15-55.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-156169f944
2026-03-29 01:07:01.422678+00:00
--------------------------------------------------------------------------------
Name : python3.6
Product : Fedora 42
Version : 3.6.15
Release : 55.fc42
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python 3.6 package for developers.
This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.6, see other distributions
that support it, such as CentOS or RHEL with Software Collections
or older Fedora releases.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-4519.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.6.15-55
- Security fix for CVE-2026-4519 (rhbz#2449733)
* Thu Mar 12 2026 Miro Hron??ok [mhroncok@redhat.com] - 3.6.15-54
- Rebuilt for improvements of %python_wheel_inject_sbom in python-rpm-macros-3.14-11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449733 - CVE-2026-4519 python3.6: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449733
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-156169f944' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: python3.11-3.11.15-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a0b1d4b9fa
2026-03-29 01:07:01.422675+00:00
--------------------------------------------------------------------------------
Name : python3.11
Product : Fedora 42
Version : 3.11.15
Release : 2.fc42
URL : https://www.python.org/
Summary : Version 3.11 of the Python interpreter
Description :
Python 3.11 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.11 package provides the "python3.11" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.11-libs package,
which should be installed automatically along with python3.11.
The remaining parts of the Python standard library are broken out into the
python3.11-tkinter and python3.11-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.11-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.11-" prefix.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-4519.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.11.15-2
- Security fix for CVE-2026-4519 (rhbz#2449727)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449727 - CVE-2026-4519 python3.11: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449727
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a0b1d4b9fa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: rust-ingredients-0.2.2-3.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1c54435571
2026-03-29 01:07:01.422661+00:00
--------------------------------------------------------------------------------
Name : rust-ingredients
Product : Fedora 42
Version : 0.2.2
Release : 3.fc42
URL : https://crates.io/crates/ingredients
Summary : Check ingredients of published Rust crates
Description :
Check ingredients of published Rust crates.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.2.2-3
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1c54435571' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rust-cargo-c-0.10.19-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-82783c3c1d
2026-03-29 01:07:01.422657+00:00
--------------------------------------------------------------------------------
Name : rust-cargo-c
Product : Fedora 42
Version : 0.10.19
Release : 2.fc42
URL : https://crates.io/crates/cargo-c
Summary : Helper program to build and install c-like libraries
Description :
Helper program to build and install c-like libraries.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.19-2
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-82783c3c1d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rustup-1.29.0-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-609bc373aa
2026-03-29 01:07:01.422652+00:00
--------------------------------------------------------------------------------
Name : rustup
Product : Fedora 42
Version : 1.29.0
Release : 2.fc42
URL : https://github.com/rust-lang/rustup
Summary : Manage multiple rust installations with ease
Description :
Manage multiple rust installations with ease.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.29.0-2
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
- Fixes RHBZ#2449688
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449688 - CVE-2026-33056 rustup: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449688
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-609bc373aa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rust-sequoia-chameleon-gnupg-0.13.1-11.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8f1d7b6821
2026-03-29 01:07:01.422551+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-chameleon-gnupg
Product : Fedora 42
Version : 0.13.1
Release : 11.fc42
URL : https://crates.io/crates/sequoia-chameleon-gnupg
Summary : Sequoia's reimplementation of the GnuPG interface
Description :
Sequoia's reimplementation of the GnuPG interface.
--------------------------------------------------------------------------------
Update Information:
Rebuild rust-sequoia-chameleon-gnupg with rust-tar 0.4.45 for CVE-2026-33056.
Update rust-pty-process to 0.5.3, and adjust the dev-dependency in rust-sequoia-
chameleon-gnupg to allow it.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.13.1-11
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
* Tue Mar 17 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.13.1-10
- Update pty-process dev-dependency from v0.4 to v0.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2344560 - rust-pty-process-0.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2344560
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8f1d7b6821' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rust-pty-process-0.5.3-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8f1d7b6821
2026-03-29 01:07:01.422551+00:00
--------------------------------------------------------------------------------
Name : rust-pty-process
Product : Fedora 42
Version : 0.5.3
Release : 1.fc42
URL : https://crates.io/crates/pty-process
Summary : Spawn commands attached to a pty
Description :
Spawn commands attached to a pty.
--------------------------------------------------------------------------------
Update Information:
Rebuild rust-sequoia-chameleon-gnupg with rust-tar 0.4.45 for CVE-2026-33056.
Update rust-pty-process to 0.5.3, and adjust the dev-dependency in rust-sequoia-
chameleon-gnupg to allow it.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 17 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.3-1
- Update to version 0.5.3; Fixes RHBZ#2344560
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2344560 - rust-pty-process-0.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2344560
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8f1d7b6821' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: uv-0.10.12-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-23bb71ea52
2026-03-29 01:07:01.422539+00:00
--------------------------------------------------------------------------------
Name : uv
Product : Fedora 42
Version : 0.10.12
Release : 1.fc42
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package and project manager, written in Rust.
Highlights:
??? A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twine,
virtualenv, and more.
??? 10-100x faster than pip.
??? Provides comprehensive project management, with a universal lockfile.
??? Runs scripts, with support for inline dependency metadata.
??? Installs and manages Python versions.
??? Runs and installs tools published as Python packages.
??? Includes a pip-compatible interface for a performance boost with a familiar
CLI.
??? Supports Cargo-style workspaces for scalable projects.
??? Disk-space efficient, with a global cache for dependency deduplication.
--------------------------------------------------------------------------------
Update Information:
Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.12-1
- Update to 0.10.12 (close RHBZ#2449243)
* Tue Mar 17 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.11-1
- Update to 0.10.11 (close RHBZ#2448300)
* Sun Mar 15 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.10-1
- Update to 0.10.10 (close RHBZ#2447540)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449547 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449547
[ 6 ] Bug #2449549 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449549
[ 7 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-23bb71ea52' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: rust-nix-0.31.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-23bb71ea52
2026-03-29 01:07:01.422539+00:00
--------------------------------------------------------------------------------
Name : rust-nix
Product : Fedora 42
Version : 0.31.2
Release : 1.fc42
URL : https://crates.io/crates/nix
Summary : Rust friendly bindings to *nix APIs
Description :
Rust friendly bindings to *nix APIs.
--------------------------------------------------------------------------------
Update Information:
Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 17 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.31.2-1
- Update to verison 0.31.2; Fixes RHBZ#2443509
* Thu Feb 12 2026 Fabio Valentini [decathorpe@gmail.com] - 0.31.1-2
- Skip one additional test that fails on RHEL 9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449547 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449547
[ 6 ] Bug #2449549 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449549
[ 7 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-23bb71ea52' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rust-tar-0.4.45-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-23bb71ea52
2026-03-29 01:07:01.422539+00:00
--------------------------------------------------------------------------------
Name : rust-tar
Product : Fedora 42
Version : 0.4.45
Release : 1.fc42
URL : https://crates.io/crates/tar
Summary : Rust implementation of a TAR file reader and writer
Description :
A Rust implementation of a TAR file reader and writer. This library does
not currently handle compression, but it is abstract over all I/O
readers and writers. Additionally, great lengths are taken to ensure
that the entire contents are never required to be entirely resident in
memory all at once.
--------------------------------------------------------------------------------
Update Information:
Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.4.45-1
- Update to version 0.4.45; Fixes RHBZ#2449274
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.4.44-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.4.44-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449547 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449547
[ 6 ] Bug #2449549 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449549
[ 7 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-23bb71ea52' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: python-fastar-0.8.0-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-23bb71ea52
2026-03-29 01:07:01.422539+00:00
--------------------------------------------------------------------------------
Name : python-fastar
Product : Fedora 42
Version : 0.8.0
Release : 4.fc42
URL : https://github.com/DoctorJohn/fastar
Summary : High-level bindings for the Rust tar crate
Description :
The fastar library wraps the Rust tar, flate2, and zstd crates, providing a
high-performance way to work with compressed and uncompressed tar archives in
Python.
--------------------------------------------------------------------------------
Update Information:
Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 21 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.0-4
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
* Fri Mar 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.0-3
- Allow PyO3 0.28
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449547 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449547
[ 6 ] Bug #2449549 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449549
[ 7 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-23bb71ea52' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: maturin-1.9.6-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-23bb71ea52
2026-03-29 01:07:01.422539+00:00
--------------------------------------------------------------------------------
Name : maturin
Product : Fedora 42
Version : 1.9.6
Release : 4.fc42
URL : https://github.com/PyO3/maturin
Summary : Build and publish Rust crates as Python packages
Description :
Build and publish crates with pyo3, rust-cpython and cffi bindings as
well as rust binaries as python packages.
--------------------------------------------------------------------------------
Update Information:
Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 21 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.9.6-4
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449547 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449547
[ 6 ] Bug #2449549 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449549
[ 7 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-23bb71ea52' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: rust-astral-tokio-tar-0.6.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-23bb71ea52
2026-03-29 01:07:01.422539+00:00
--------------------------------------------------------------------------------
Name : rust-astral-tokio-tar
Product : Fedora 42
Version : 0.6.0
Release : 1.fc42
URL : https://crates.io/crates/astral-tokio-tar
Summary : Rust implementation of an async TAR file reader and writer
Description :
A Rust implementation of an async TAR file reader and writer. This
library does not currently handle compression, but it is abstract over
all I/O readers and writers. Additionally, great lengths are taken to
ensure that the entire contents are never required to be entirely
resident in memory all at once.
--------------------------------------------------------------------------------
Update Information:
Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 16 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.0-1
- Update to version 0.6.0; Fixes RHBZ#2448054
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.5.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449547 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449547
[ 6 ] Bug #2449549 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449549
[ 7 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-23bb71ea52' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: python-uv-build-0.10.12-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-23bb71ea52
2026-03-29 01:07:01.422539+00:00
--------------------------------------------------------------------------------
Name : python-uv-build
Product : Fedora 42
Version : 0.10.12
Release : 1.fc42
URL : https://pypi.org/project/uv-build
Summary : The uv build backend
Description :
This package is a slimmed down version of uv containing only the build
backend.
--------------------------------------------------------------------------------
Update Information:
Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 20 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.12-1
- Update to 0.10.12 (close RHBZ#2449338)
* Tue Mar 17 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.11-1
- Update to 0.10.11 (close RHBZ#2448298)
* Sun Mar 15 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.10-1
- Update to 0.10.10 (close RHBZ#2447539)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448054
[ 2 ] Bug #2449243 - uv-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449243
[ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449274
[ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449338
[ 5 ] Bug #2449547 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449547
[ 6 ] Bug #2449549 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449549
[ 7 ] Bug #2449645 - python-fastar-0.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2449645
[ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449681
[ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449683
[ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449684
[ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-23bb71ea52' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python3.6-3.6.15-55.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1a816eeca2
2026-03-29 00:48:39.566783+00:00
--------------------------------------------------------------------------------
Name : python3.6
Product : Fedora 43
Version : 3.6.15
Release : 55.fc43
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python 3.6 package for developers.
This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.6, see other distributions
that support it, such as CentOS or RHEL with Software Collections
or older Fedora releases.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-4519.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.6.15-55
- Security fix for CVE-2026-4519 (rhbz#2449733)
* Thu Mar 12 2026 Miro Hron??ok [mhroncok@redhat.com] - 3.6.15-54
- Rebuilt for improvements of %python_wheel_inject_sbom in python-rpm-macros-3.14-11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449733 - CVE-2026-4519 python3.6: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449733
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1a816eeca2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: python3.11-3.11.15-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5dd28d8058
2026-03-29 00:48:39.566780+00:00
--------------------------------------------------------------------------------
Name : python3.11
Product : Fedora 43
Version : 3.11.15
Release : 2.fc43
URL : https://www.python.org/
Summary : Version 3.11 of the Python interpreter
Description :
Python 3.11 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.11 package provides the "python3.11" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.11-libs package,
which should be installed automatically along with python3.11.
The remaining parts of the Python standard library are broken out into the
python3.11-tkinter and python3.11-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.11-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.11-" prefix.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-4519.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.11.15-2
- Security fix for CVE-2026-4519 (rhbz#2449727)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449727 - CVE-2026-4519 python3.11: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449727
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5dd28d8058' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: python-ply-3.11-33.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-516db080b7
2026-03-29 00:48:39.566775+00:00
--------------------------------------------------------------------------------
Name : python-ply
Product : Fedora 43
Version : 3.11
Release : 33.fc43
URL : http://www.dabeaz.com/ply/
Summary : Python Lex-Yacc
Description :
PLY is a straightforward lex/yacc implementation. Here is a list of its
essential features:
* It is implemented entirely in Python.
* It uses LR-parsing which is reasonably efficient and well suited for larger
grammars.
* PLY provides most of the standard lex/yacc features including support
for empty productions, precedence rules, error recovery, and support
for ambiguous grammars.
* PLY is straightforward to use and provides very extensive error checking.
* PLY doesn't try to do anything more or less than provide the basic lex/yacc
functionality. In other words, it's not a large parsing framework or a
component of some larger system.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2025-56005
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 25 2026 Charalampos Stratakis [cstratak@redhat.com] - 3.11-33
- Security fix for CVE-2025-56005
- Fixes: rhbz#2437981
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.11-32
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Dec 18 2025 Tom Callaway [spot@fedoraproject.org] - 3.11-31
- fix build for Python 3.15
- use modern macros
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437981 - CVE-2025-56005 python-ply: Unsafe pickle file handling in Ply [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2437981
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-516db080b7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python3.13-3.13.12-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f373d5f528
2026-03-29 00:48:39.566777+00:00
--------------------------------------------------------------------------------
Name : python3.13
Product : Fedora 43
Version : 3.13.12
Release : 2.fc43
URL : https://www.python.org/
Summary : Version 3.13 of the Python interpreter
Description :
Python 3.13 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.13 package provides the "python3.13" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.13-libs package,
which should be installed automatically along with python3.13.
The remaining parts of the Python standard library are broken out into the
python3.13-tkinter and python3.13-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.13-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.13-" prefix.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-4519.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.13.12-2
- Security fix for CVE-2026-4519 (rhbz#2449729)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449729 - CVE-2026-4519 python3.13: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449729
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f373d5f528' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: bind-dyndb-ldap-11.11-11.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b2ec0d8a47
2026-03-29 00:48:39.566769+00:00
--------------------------------------------------------------------------------
Name : bind-dyndb-ldap
Product : Fedora 43
Version : 11.11
Release : 11.fc43
URL : https://releases.pagure.org/bind-dyndb-ldap
Summary : LDAP back-end plug-in for BIND
Description :
This package provides an LDAP back-end plug-in for BIND. It features
support for dynamic updates and internal caching, to lift the load
off of your LDAP server.
--------------------------------------------------------------------------------
Update Information:
Update to 9.18.47 (rhbz#2440561)
Security Fixes:
Fix unbounded NSEC3 iterations when validating referrals to unsigned
delegations. (CVE-2026-1519)
Source:
https://downloads.isc.org/isc/bind9/9.18.47/doc/arm/html/notes.html#notes-for-
bind-9-18-47
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 25 2026 Petr Men????k [pemensik@redhat.com] - 11.11-11
- Rebuild for BIND 9.18.47 (rhbz#2440561)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2440561 - bind-9.18.47 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2440561
[ 2 ] Bug #2451360 - CVE-2026-1519 bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2451360
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b2ec0d8a47' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: bind-9.18.47-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b2ec0d8a47
2026-03-29 00:48:39.566769+00:00
--------------------------------------------------------------------------------
Name : bind
Product : Fedora 43
Version : 9.18.47
Release : 1.fc43
URL : https://www.isc.org/downloads/bind/
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
--------------------------------------------------------------------------------
Update Information:
Update to 9.18.47 (rhbz#2440561)
Security Fixes:
Fix unbounded NSEC3 iterations when validating referrals to unsigned
delegations. (CVE-2026-1519)
Source:
https://downloads.isc.org/isc/bind9/9.18.47/doc/arm/html/notes.html#notes-for-
bind-9-18-47
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 25 2026 Petr Men????k [pemensik@redhat.com] - 32:9.18.47-1
- Update to 9.18.47 (rhbz#2440561)
* Wed Jan 28 2026 Petr Men????k [pemensik@redhat.com] - 32:9.18.44-2
- Create /var/named directories for bind-chroot (RHEL-132053)
- Add forgotten _libdir/named into bind-chroot tmpfiles
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2440561 - bind-9.18.47 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2440561
[ 2 ] Bug #2451360 - CVE-2026-1519 bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2451360
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b2ec0d8a47' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: chromium-146.0.7680.164-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ad5b2b6b68
2026-03-29 00:48:39.566766+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 43
Version : 146.0.7680.164
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 146.0.7680.164
* High CVE-2026-4673: Heap buffer overflow in WebAudio
* High CVE-2026-4674: Out of bounds read in CSS
* High CVE-2026-4675: Heap buffer overflow in WebGL
* High CVE-2026-4676: Use after free in Dawn
* High CVE-2026-4677: Out of bounds read in WebAudio
* High CVE-2026-4678: Use after free in WebGPU
* High CVE-2026-4679: Integer overflow in Fonts
* High CVE-2026-4680: Use after free in FedCM
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 24 2026 Than Ngo [than@redhat.com] - 146.0.7680.164-1
- Update to 146.0.7680.164
* High CVE-2026-4673: Heap buffer overflow in WebAudio
* High CVE-2026-4674: Out of bounds read in CSS
* High CVE-2026-4675: Heap buffer overflow in WebGL
* High CVE-2026-4676: Use after free in Dawn
* High CVE-2026-4677: Out of bounds read in WebAudio
* High CVE-2026-4678: Use after free in WebGPU
* High CVE-2026-4679: Integer overflow in Fonts
* High CVE-2026-4680: Use after free in FedCM
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ad5b2b6b68' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-cargo-c-0.10.19-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7624cdcfb6
2026-03-29 00:48:39.566756+00:00
--------------------------------------------------------------------------------
Name : rust-cargo-c
Product : Fedora 43
Version : 0.10.19
Release : 2.fc43
URL : https://crates.io/crates/cargo-c
Summary : Helper program to build and install c-like libraries
Description :
Helper program to build and install c-like libraries.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.19-2
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7624cdcfb6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-ingredients-0.2.2-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d0a08cfd21
2026-03-29 00:48:39.566758+00:00
--------------------------------------------------------------------------------
Name : rust-ingredients
Product : Fedora 43
Version : 0.2.2
Release : 3.fc43
URL : https://crates.io/crates/ingredients
Summary : Check ingredients of published Rust crates
Description :
Check ingredients of published Rust crates.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.2.2-3
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d0a08cfd21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rustup-1.29.0-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9defa0fb00
2026-03-29 00:48:39.566753+00:00
--------------------------------------------------------------------------------
Name : rustup
Product : Fedora 43
Version : 1.29.0
Release : 2.fc43
URL : https://github.com/rust-lang/rustup
Summary : Manage multiple rust installations with ease
Description :
Manage multiple rust installations with ease.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.29.0-2
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
- Fixes RHBZ#2449688
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449688 - CVE-2026-33056 rustup: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449688
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9defa0fb00' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: pypy3.10-7.3.19-11.3.10.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-98502d7938
2026-03-29 00:48:39.566739+00:00
--------------------------------------------------------------------------------
Name : pypy3.10
Product : Fedora 43
Version : 7.3.19
Release : 11.3.10.fc43
URL : https://www.pypy.org/
Summary : Python 3.10 implementation with a Just-In-Time compiler
Description :
PyPy's implementation of Python 3.10, featuring a Just-In-Time compiler
on some CPU architectures, and various optimized implementations
of the standard types (strings, dictionaries, etc.).
This build of PyPy has JIT-compilation enabled.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2025-56005 for the bundled ply within the bundled pycparser
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2026 Charalampos Stratakis [cstratak@redhat.com] - 7.3.19-11
- Security fix for CVE-2025-56005 for the bundled ply within the bundled
pycparser
- Fixes: rhbz#2431977
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 7.3.19-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Jan 7 2026 Miro Hron??ok [miro@hroncok.cz] - 7.3.19-9
- Enable JIT on riscv64
* Tue Jan 6 2026 Miro Hron??ok [miro@hroncok.cz] - 7.3.19-8
- Inject SBOM into the installed wheels (when using the bundled ones)
* Thu Aug 14 2025 Miro Hron??ok [miro@hroncok.cz] - 7.3.19-5
- Don't use the gold linker
- https://fedoraproject.org/wiki/Changes/DeprecateGoldLinker
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2431977 - CVE-2025-56005 pypy3.10: From CVEorg collector [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431977
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-98502d7938' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: pypy-7.3.21-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6c4a7cd1b1
2026-03-29 00:48:39.566734+00:00
--------------------------------------------------------------------------------
Name : pypy
Product : Fedora 43
Version : 7.3.21
Release : 3.fc43
URL : https://www.pypy.org/
Summary : Python implementation with a Just-In-Time compiler
Description :
PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU
architectures, and various optimized implementations of the standard types
(strings, dictionaries, etc)
This build of PyPy has JIT-compilation enabled.
--------------------------------------------------------------------------------
Update Information:
Fix jit backend for ppc64le and s390x
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2026 Charalampos Stratakis [cstratak@redhat.com] - 7.3.21-2
- Security fix for CVE-2025-56005 for the bundled ply within the bundled
pycparser
- Fixes: rhbz#2431976
* Thu Mar 19 2026 Charalampos Stratakis [cstratak@redhat.com] - 7.3.21-1
- Update to 7.3.21
- Fixes: rhbz#2447284
* Thu Mar 12 2026 Miro Hron??ok [miro@hroncok.cz] - 7.3.20-12
- Rebuilt for improvements of %python_wheel_inject_sbom in python-rpm-
macros-3.14-11
* Fri Jan 30 2026 Miroslav Such?? [msuchy@redhat.com] - 7.3.20-11
- migrate license to SPDX
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 7.3.20-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Jan 7 2026 Miro Hron??ok [miro@hroncok.cz] - 7.3.20-9
- Enable JIT on riscv64
* Wed Sep 24 2025 Miro Hron??ok [miro@hroncok.cz] - 7.3.20-6
- Inject SBOM into the installed wheels
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2431976 - CVE-2025-56005 pypy: From CVEorg collector [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2431976
[ 2 ] Bug #2447284 - pypy-7.3.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447284
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6c4a7cd1b1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: rust-sequoia-chameleon-gnupg-0.13.1-11.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-936a74ccc0
2026-03-29 00:48:39.566648+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-chameleon-gnupg
Product : Fedora 43
Version : 0.13.1
Release : 11.fc43
URL : https://crates.io/crates/sequoia-chameleon-gnupg
Summary : Sequoia's reimplementation of the GnuPG interface
Description :
Sequoia's reimplementation of the GnuPG interface.
--------------------------------------------------------------------------------
Update Information:
Rebuild rust-sequoia-chameleon-gnupg with rust-tar 0.4.45 for CVE-2026-33056.
Update rust-pty-process to 0.5.3, and adjust the dev-dependency in rust-sequoia-
chameleon-gnupg to allow it.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.13.1-11
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
* Tue Mar 17 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.13.1-10
- Update pty-process dev-dependency from v0.4 to v0.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2344560 - rust-pty-process-0.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2344560
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-936a74ccc0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-pty-process-0.5.3-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-936a74ccc0
2026-03-29 00:48:39.566648+00:00
--------------------------------------------------------------------------------
Name : rust-pty-process
Product : Fedora 43
Version : 0.5.3
Release : 1.fc43
URL : https://crates.io/crates/pty-process
Summary : Spawn commands attached to a pty
Description :
Spawn commands attached to a pty.
--------------------------------------------------------------------------------
Update Information:
Rebuild rust-sequoia-chameleon-gnupg with rust-tar 0.4.45 for CVE-2026-33056.
Update rust-pty-process to 0.5.3, and adjust the dev-dependency in rust-sequoia-
chameleon-gnupg to allow it.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 17 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.3-1
- Update to version 0.5.3; Fixes RHBZ#2344560
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2344560 - rust-pty-process-0.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2344560
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-936a74ccc0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: python3.6-3.6.15-55.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b79ae5877b
2026-03-29 00:15:07.927190+00:00
--------------------------------------------------------------------------------
Name : python3.6
Product : Fedora 44
Version : 3.6.15
Release : 55.fc44
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python is an accessible, high-level, dynamically typed, interpreted programming
language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.6 package provides the "python3" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.6-libs package,
which should be installed automatically along with python3.6.
The remaining parts of the Python standard library are broken out into the
python3.6-tkinter and python3.6-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.6-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.6-" prefix.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-4519.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.6.15-55
- Security fix for CVE-2026-4519 (rhbz#2449733)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449733 - CVE-2026-4519 python3.6: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449733
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b79ae5877b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: python3.11-3.11.15-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5e63b7a761
2026-03-29 00:15:07.927186+00:00
--------------------------------------------------------------------------------
Name : python3.11
Product : Fedora 44
Version : 3.11.15
Release : 2.fc44
URL : https://www.python.org/
Summary : Version 3.11 of the Python interpreter
Description :
Python 3.11 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.11 package provides the "python3.11" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.11-libs package,
which should be installed automatically along with python3.11.
The remaining parts of the Python standard library are broken out into the
python3.11-tkinter and python3.11-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.11-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.11-" prefix.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-4519.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.11.15-2
- Security fix for CVE-2026-4519 (rhbz#2449727)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449727 - CVE-2026-4519 python3.11: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449727
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5e63b7a761' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: python3.13-3.13.12-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-742bf8c12d
2026-03-29 00:15:07.927182+00:00
--------------------------------------------------------------------------------
Name : python3.13
Product : Fedora 44
Version : 3.13.12
Release : 2.fc44
URL : https://www.python.org/
Summary : Version 3.13 of the Python interpreter
Description :
Python 3.13 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.13 package provides the "python3.13" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.13-libs package,
which should be installed automatically along with python3.13.
The remaining parts of the Python standard library are broken out into the
python3.13-tkinter and python3.13-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.13-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.13-" prefix.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2026-4519.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.13.12-2
- Security fix for CVE-2026-4519 (rhbz#2449729)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449729 - CVE-2026-4519 python3.13: Python: Command-line option injection in webbrowser.open() via crafted URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449729
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-742bf8c12d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: python-ply-3.11-33.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c081ac890b
2026-03-29 00:15:07.927179+00:00
--------------------------------------------------------------------------------
Name : python-ply
Product : Fedora 44
Version : 3.11
Release : 33.fc44
URL : http://www.dabeaz.com/ply/
Summary : Python Lex-Yacc
Description :
PLY is a straightforward lex/yacc implementation. Here is a list of its
essential features:
* It is implemented entirely in Python.
* It uses LR-parsing which is reasonably efficient and well suited for larger
grammars.
* PLY provides most of the standard lex/yacc features including support
for empty productions, precedence rules, error recovery, and support
for ambiguous grammars.
* PLY is straightforward to use and provides very extensive error checking.
* PLY doesn't try to do anything more or less than provide the basic lex/yacc
functionality. In other words, it's not a large parsing framework or a
component of some larger system.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2025-56005
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 25 2026 Charalampos Stratakis [cstratak@redhat.com] - 3.11-33
- Security fix for CVE-2025-56005
- Fixes: rhbz#2437981
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437981 - CVE-2025-56005 python-ply: Unsafe pickle file handling in Ply [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2437981
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c081ac890b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: rust-ingredients-0.2.2-3.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f5938ebad0
2026-03-29 00:15:07.927151+00:00
--------------------------------------------------------------------------------
Name : rust-ingredients
Product : Fedora 44
Version : 0.2.2
Release : 3.fc44
URL : https://crates.io/crates/ingredients
Summary : Check ingredients of published Rust crates
Description :
Check ingredients of published Rust crates.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.2.2-3
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f5938ebad0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: rust-cargo-c-0.10.19-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ad73d6fafe
2026-03-29 00:15:07.927147+00:00
--------------------------------------------------------------------------------
Name : rust-cargo-c
Product : Fedora 44
Version : 0.10.19
Release : 2.fc44
URL : https://crates.io/crates/cargo-c
Summary : Helper program to build and install c-like libraries
Description :
Helper program to build and install c-like libraries.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.19-2
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ad73d6fafe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: rustup-1.29.0-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-89d4b6644b
2026-03-29 00:15:07.927143+00:00
--------------------------------------------------------------------------------
Name : rustup
Product : Fedora 44
Version : 1.29.0
Release : 2.fc44
URL : https://github.com/rust-lang/rustup
Summary : Manage multiple rust installations with ease
Description :
Manage multiple rust installations with ease.
--------------------------------------------------------------------------------
Update Information:
Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 1.29.0-2
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
- Fixes RHBZ#2449688
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2449688 - CVE-2026-33056 rustup: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449688
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-89d4b6644b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: pypy3.10-7.3.19-11.3.10.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-55dd4da86b
2026-03-29 00:15:07.927110+00:00
--------------------------------------------------------------------------------
Name : pypy3.10
Product : Fedora 44
Version : 7.3.19
Release : 11.3.10.fc44
URL : https://www.pypy.org/
Summary : Python 3.10 implementation with a Just-In-Time compiler
Description :
PyPy's implementation of Python 3.10, featuring a Just-In-Time compiler
on some CPU architectures, and various optimized implementations
of the standard types (strings, dictionaries, etc.).
This build of PyPy has JIT-compilation enabled.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2025-56005 for the bundled ply within the bundled pycparser
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2026 Charalampos Stratakis [cstratak@redhat.com] - 7.3.19-11
- Security fix for CVE-2025-56005 for the bundled ply within the bundled
pycparser
- Fixes: rhbz#2431977
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2431977 - CVE-2025-56005 pypy3.10: From CVEorg collector [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431977
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-55dd4da86b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: pypy-7.3.21-3.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-496bf1e0dd
2026-03-29 00:15:07.927106+00:00
--------------------------------------------------------------------------------
Name : pypy
Product : Fedora 44
Version : 7.3.21
Release : 3.fc44
URL : https://www.pypy.org/
Summary : Python implementation with a Just-In-Time compiler
Description :
PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU
architectures, and various optimized implementations of the standard types
(strings, dictionaries, etc)
This build of PyPy has JIT-compilation enabled.
--------------------------------------------------------------------------------
Update Information:
Fix jit backend for ppc64le and s390x
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2026 Charalampos Stratakis [cstratak@redhat.com] - 7.3.21-2
- Security fix for CVE-2025-56005 for the bundled ply within the bundled
pycparser
- Fixes: rhbz#2431976
* Thu Mar 19 2026 Charalampos Stratakis [cstratak@redhat.com] - 7.3.21-1
- Update to 7.3.21
- Fixes: rhbz#2447284
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2431976 - CVE-2025-56005 pypy: From CVEorg collector [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2431976
[ 2 ] Bug #2447284 - pypy-7.3.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2447284
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-496bf1e0dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: rust-pty-process-0.5.3-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-29e1155702
2026-03-29 00:15:07.926946+00:00
--------------------------------------------------------------------------------
Name : rust-pty-process
Product : Fedora 44
Version : 0.5.3
Release : 1.fc44
URL : https://crates.io/crates/pty-process
Summary : Spawn commands attached to a pty
Description :
Spawn commands attached to a pty.
--------------------------------------------------------------------------------
Update Information:
Rebuild rust-sequoia-chameleon-gnupg with rust-tar 0.4.45 for CVE-2026-33056.
Update rust-pty-process to 0.5.3, and adjust the dev-dependency in rust-sequoia-
chameleon-gnupg to allow it.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 17 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.3-1
- Update to version 0.5.3; Fixes RHBZ#2344560
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2344560 - rust-pty-process-0.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2344560
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-29e1155702' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: rust-sequoia-chameleon-gnupg-0.13.1-11.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-29e1155702
2026-03-29 00:15:07.926946+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-chameleon-gnupg
Product : Fedora 44
Version : 0.13.1
Release : 11.fc44
URL : https://crates.io/crates/sequoia-chameleon-gnupg
Summary : Sequoia's reimplementation of the GnuPG interface
Description :
Sequoia's reimplementation of the GnuPG interface.
--------------------------------------------------------------------------------
Update Information:
Rebuild rust-sequoia-chameleon-gnupg with rust-tar 0.4.45 for CVE-2026-33056.
Update rust-pty-process to 0.5.3, and adjust the dev-dependency in rust-sequoia-
chameleon-gnupg to allow it.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 23 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.13.1-11
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
* Tue Mar 17 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.13.1-10
- Update pty-process dev-dependency from v0.4 to v0.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2344560 - rust-pty-process-0.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2344560
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-29e1155702' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
