Fedora 43 Update: python3.12-3.12.13-1.fc43
Fedora 43 Update: easyrpg-player-0.8.1.1-4.fc43
Fedora 43 Update: task-3.4.2-3.fc43
Fedora 42 Update: strongswan-6.0.4-2.fc42
Fedora 42 Update: easyrpg-player-0.8.1.1-2.fc42
Fedora 42 Update: python3.12-3.12.13-1.fc42
Fedora 42 Update: libmaxminddb-1.13.1-1.fc42
Fedora 42 Update: dr_libs-0^20241216git660795b-4.fc42
Fedora 44 Update: dnf5-5.4.0.0-2.fc44
Fedora 44 Update: task-3.4.2-3.fc44
Fedora 44 Update: strongswan-6.0.4-2.fc44
Fedora 44 Update: easyrpg-player-0.8.1.1-5.fc44
Fedora 44 Update: python3.12-3.12.13-1.fc44
Fedora 44 Update: udisks2-2.11.1-1.fc44
Fedora 44 Update: libmaxminddb-1.13.1-1.fc44
[SECURITY] Fedora 43 Update: python3.12-3.12.13-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ac5dd35f2d
2026-03-13 01:17:50.866505+00:00
--------------------------------------------------------------------------------
Name : python3.12
Product : Fedora 43
Version : 3.12.13
Release : 1.fc43
URL : https://www.python.org/
Summary : Version 3.12 of the Python interpreter
Description :
Python 3.12 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.12 package provides the "python3.12" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.12-libs package,
which should be installed automatically along with python3.12.
The remaining parts of the Python standard library are broken out into the
python3.12-tkinter and python3.12-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.12-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.12-" prefix.
--------------------------------------------------------------------------------
Update Information:
Update to 3.12.13
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 3 2026 Tom???? Hrn??iar [thrnciar@redhat.com] - 3.12.13-1
- Update to 3.12.13
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2413056 - CVE-2025-6075 python3.12: Quadratic complexity in os.path.expandvars() with user-controlled template [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2413056
[ 2 ] Bug #2431819 - CVE-2025-11468 python3.12: Missing character filtering in Python [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431819
[ 3 ] Bug #2431828 - CVE-2026-0672 python3.12: Header injection in http.cookies.Morsel in Python [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431828
[ 4 ] Bug #2431847 - CVE-2025-15282 python3.12: Header injection via newlines in data URL mediatype in Python [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431847
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ac5dd35f2d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: easyrpg-player-0.8.1.1-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-63c5e7d076
2026-03-13 01:17:50.866526+00:00
--------------------------------------------------------------------------------
Name : easyrpg-player
Product : Fedora 43
Version : 0.8.1.1
Release : 4.fc43
URL : https://easyrpg.org
Summary : Game interpreter for RPG Maker 2000/2003 and EasyRPG games
Description :
EasyRPG Player is a game interpreter for RPG Maker 2000/2003 and EasyRPG games.
To play a game, run the "easyrpg-player" executable inside
a RPG Maker 2000/2003 game project folder (same place as RPG_RT.exe).
--------------------------------------------------------------------------------
Update Information:
Rebuilt with updated dr_wav to fix CVE-2026-29022
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 4 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.1.1-4
- Rebuilt with updated dr_wav to fix CVE-2026-29022
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-63c5e7d076' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: task-3.4.2-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-eb2fc8e93d
2026-03-13 01:17:50.866519+00:00
--------------------------------------------------------------------------------
Name : task
Product : Fedora 43
Version : 3.4.2
Release : 3.fc43
URL : https://taskwarrior.org
Summary : Taskwarrior - a command-line TODO list manager
Description :
Taskwarrior is a command-line TODO list manager. It is flexible, fast,
efficient, unobtrusive, does its job then gets out of your way.
Taskwarrior scales to fit your workflow. Use it as a simple app that captures
tasks, shows you the list, and removes tasks from that list. Leverage its
capabilities though, and it becomes a sophisticated data query tool that can
help you stay organized, and get through your work.
--------------------------------------------------------------------------------
Update Information:
Update to new release, includes updated dependencies that fix for a number of
CVEs
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 4 2026 Ankur Sinha (Ankur Sinha Gmail) [sanjay.ankur@gmail.com] - 3.4.2-3
- fix: remove Cargo.lock (fixes rh#2438090, rh#2438156 rh#2444169,
rh#2444179, rh#2444189)
* Wed Mar 4 2026 Ankur Sinha (Ankur Sinha Gmail) [sanjay.ankur@gmail.com] - 3.4.2-2
- fix: regenerate with updated vendored crates (fixes rh#2438090,
rh#2438156 rh#2444169, rh#2444179, rh#2444189)
* Wed Mar 4 2026 Ankur Sinha (Ankur Sinha Gmail) [sanjay.ankur@gmail.com] - 3.4.2-1
- feat: update to 3.4.2 (fixes rh#2405583)
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.4.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2438090 - CVE-2026-25727 task: time affected by a stack exhaustion denial of service attack [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438090
[ 2 ] Bug #2438156 - CVE-2026-25727 task: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438156
[ 3 ] Bug #2444169 - CVE-2026-3338 task: AWS-LC: Signature bypass due to improper validation in PKCS7_verify() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444169
[ 4 ] Bug #2444179 - CVE-2026-3337 task: AWS-LC: Information disclosure via timing discrepancy in AES-CCM decryption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444179
[ 5 ] Bug #2444189 - CVE-2026-3336 task: aws-lc: Certificate validation bypass via improper handling of PKCS7 objects [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444189
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-eb2fc8e93d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: strongswan-6.0.4-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bd04c426b3
2026-03-13 00:58:40.063214+00:00
--------------------------------------------------------------------------------
Name : strongswan
Product : Fedora 42
Version : 6.0.4
Release : 2.fc42
URL : https://www.strongswan.org/
Summary : An OpenSource IPsec-based VPN and TNC solution
Description :
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel.
--------------------------------------------------------------------------------
Update Information:
Update to address CVE-2025-9615 and CVE-2025-62291
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 4 2026 Paul Wouters [paul.wouters@aiven.io] - 6.0.4-1
- Update to 6.0.4 for CVE-2025-9615 and CVE-2025-62291
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 6.0.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2312429 - strongswan-6.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2312429
[ 2 ] Bug #2406574 - strongswan-6.0.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406574
[ 3 ] Bug #2430436 - CVE-2025-62291 strongswan: From CVEorg collector [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2430436
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bd04c426b3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: easyrpg-player-0.8.1.1-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8ad39e4a3f
2026-03-13 00:58:40.063232+00:00
--------------------------------------------------------------------------------
Name : easyrpg-player
Product : Fedora 42
Version : 0.8.1.1
Release : 2.fc42
URL : https://easyrpg.org
Summary : Game interpreter for RPG Maker 2000/2003 and EasyRPG games
Description :
EasyRPG Player is a game interpreter for RPG Maker 2000/2003 and EasyRPG games.
To play a game, run the "easyrpg-player" executable inside
a RPG Maker 2000/2003 game project folder (same place as RPG_RT.exe).
--------------------------------------------------------------------------------
Update Information:
Rebuilt with updated dr_wav to fix CVE-2026-29022
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 4 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.1.1-2
- Rebuilt with updated dr_wav to fix CVE-2026-29022
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8ad39e4a3f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: python3.12-3.12.13-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3ebfc12a16
2026-03-13 00:58:40.063204+00:00
--------------------------------------------------------------------------------
Name : python3.12
Product : Fedora 42
Version : 3.12.13
Release : 1.fc42
URL : https://www.python.org/
Summary : Version 3.12 of the Python interpreter
Description :
Python 3.12 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.12 package provides the "python3.12" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.12-libs package,
which should be installed automatically along with python3.12.
The remaining parts of the Python standard library are broken out into the
python3.12-tkinter and python3.12-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.12-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.12-" prefix.
--------------------------------------------------------------------------------
Update Information:
Update to 3.12.13
Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and
CVE-2025-15367
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 3 2026 Tom???? Hrn??iar [thrnciar@redhat.com] - 3.12.13-1
- Update to 3.12.13
* Fri Feb 6 2026 Tom???? Hrn??iar [thrnciar@redhat.com] - 3.12.12-4
- Security fixes for CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2431617 - CVE-2025-15366 python3.12: IMAP command injection in user-controlled commands [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431617
[ 2 ] Bug #2431641 - CVE-2025-15367 python3.12: POP3 command injection in user-controlled commands [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431641
[ 3 ] Bug #2431764 - CVE-2025-11468 python3.12: Missing character filtering in Python [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431764
[ 4 ] Bug #2431787 - CVE-2026-0672 python3.12: Header injection in http.cookies.Morsel in Python [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431787
[ 5 ] Bug #2431793 - CVE-2026-0865 python3.12: wsgiref.headers.Headers allows header newline injection in Python [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431793
[ 6 ] Bug #2431808 - CVE-2025-15282 python3.12: Header injection via newlines in data URL mediatype in Python [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431808
[ 7 ] Bug #2433817 - CVE-2026-1299 python3.12: email header injection due to unquoted newlines [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2433817
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3ebfc12a16' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: libmaxminddb-1.13.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1e497526c7
2026-03-13 00:58:40.063165+00:00
--------------------------------------------------------------------------------
Name : libmaxminddb
Product : Fedora 42
Version : 1.13.1
Release : 1.fc42
URL : https://maxmind.github.io/libmaxminddb/
Summary : C library for reading MaxMind DB files
Description :
The libmaxminddb library provides a C library for reading MaxMind DB
files, including the GeoIP2 databases from MaxMind. This is a custom
binary format designed to facilitate fast lookups of IP addresses
while allowing for great flexibility in the type of data associated
with an address.
The MaxMind DB format is an open file format. The specification is
available at https://maxmind.github.io/MaxMind-DB/ and licensed under
the Creative Commons Attribution-ShareAlike 3.0 Unported License.
--------------------------------------------------------------------------------
Update Information:
libmaxminddb 1.13.1
Re-release for Ubuntu PPA, no code changes.
libmaxminddb 1.13.0
MMDB_get_entry_data_list() now validates that the claimed array/map size is
plausible given the remaining bytes in the data section. A crafted database
could previously claim millions of array elements while only having a few
bytes of data, causing disproportionate memory allocation (memory
amplification DoS).
Fixed integer overflow in MMDB_read_node() and find_ipv4_start_node()
pointer arithmetic. The node_number * record_length multiplication was
performed in uint32_t, which could overflow for very large databases. Now
cast to uint64_t before multiplying, matching the pattern already used in
find_address_in_search_tree().
Fixed printf format specifier mismatches in mmdblookup's metadata dump. %i
was used for unsigned types and %llu for uint64_t, which is technically
undefined behavior. Now uses the portable PRIu32, PRIu16, and PRIu64
macros from .
Fixed an integer overflow in the search tree bounds check in
find_address_in_search_tree(). The addition of node_count and
data_section_size was performed in uint32_t arithmetic, which could wrap
on very large databases, causing valid lookups to be incorrectly rejected as
corrupt.
Fixed a NULL pointer dereference in mmdblookup when displaying metadata for
a database with an out-of-range build_epoch. The gmtime() return value is
now checked before passing to strftime().
MMDB_close() now NULLs the file_content, data_section, and
metadata_section pointers and zeroes file_size, data_section_size, and
metadata_section_size after unmapping. Previously, calling MMDB_close()
twice on the same struct (or calling it after a failed MMDB_open() that
succeeded at mapping) would double-munmap the file content, which is undefined
behavior.
Fixed a stack buffer overflow in print_indentation() when
MMDB_dump_entry_data_list() was called with a negative indent value. The
negative integer was cast to size_t, producing a massive value passed to
memset(). Negative indent values are now clamped to 0.
MMDB_lookup_string() now sets *mmdb_error to MMDB_SUCCESS when
getaddrinfo fails (non-zero *gai_error). Previously, *mmdb_error was
left uninitialized in this case, which could cause callers to read an
indeterminate value.
Added a recursion depth limit to skip_map_or_array(), matching the existing
MAXIMUM_DATA_STRUCTURE_DEPTH (512) limit already used by
get_entry_data_list(). A crafted MMDB file with deeply nested maps or arrays
could previously cause a stack overflow via unbounded recursion in the
MMDB_aget_value / MMDB_get_value code path.
Fixed an off-by-one error in MMDB_read_node() that allowed reading one node
past the end of the search tree when called with node_number == node_count.
This caused the function to read from the data section separator and return an
invalid record with an underflowed data offset. The check now correctly
rejects node_number >= node_count.
The handling of float and double types was rewritten to fix compiler errors
and to eliminate the use of volatile.
Improved endian preprocessor check if MMDB_LITTLE_ENDIAN is not set.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 25 2026 Robert Scheck [robert@fedoraproject.org] 1.13.1-1
- Upgrade to 1.13.1 (#2442507)
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.12.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.12.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2442507 - libmaxminddb-1.13.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2442507
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1e497526c7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: dr_libs-0^20241216git660795b-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2350c6fd8c
2026-03-13 00:58:40.063197+00:00
--------------------------------------------------------------------------------
Name : dr_libs
Product : Fedora 42
Version : 0^20241216git660795b
Release : 4.fc42
URL : https://github.com/mackron/dr_libs
Summary : Single-file audio decoding libraries for C/C++
Description :
Single-file audio decoding libraries for C/C++.
--------------------------------------------------------------------------------
Update Information:
Backport the fix for CVE-2026-29022
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 4 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20241216git660795b-4
- Adjust Release number after reverting an incompatible update
* Wed Mar 4 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20241216git660795b-2
- Backport the fix for CVE-2026-29022
* Wed Mar 4 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20241216git660795b-1
- Revert "Update to 0^20250722git80bc891"
* Wed Mar 4 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20250722git80bc891-2
- Revert "Fix a small typo in a spec-file comment"
* Wed Mar 4 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20250722git80bc891-1
- Revert "Update to 0^20251201.80bc891"
* Wed Mar 4 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20251201.877b096-2
- Revert "Stop tracking some obsolete/unused files"
* Wed Mar 4 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20251201.877b096-1
- Revert "Update to 0^20251216.d6e1d92"
* Wed Mar 4 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20251216.d6e1d92-1
- Revert "Update to 0^20260302.fa931f3"
* Tue Mar 3 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20260302.fa931f3-1
- Update to 0^20260302.fa931f3
- dr_flac 0.13.3
- dr_mp3 0.7.3
- dr_wav 0.14.5
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0^20251216.d6e1d92-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0^20251216.d6e1d92-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Tue Dec 16 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20251216.d6e1d92-1
- Update to 0^20251216.d6e1d92
- dr_mp3 0.7.3 (pre-release)
- dr_wav 0.14.3
* Wed Dec 3 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20251201.877b096-1
- Update to 0^20251201.80bc891
- dr_flac 0.13.2
- dr_mp3 0.7.2
- dr_wav 0.14.2
- Change snapshot information field format in Release
* Mon Jul 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20250722git80bc891-1
- Update to 0^20250722git80bc891
- New CMake build system for tests, and redesigned tests overall
- dr_flac 0.13.0: BREAKING API CHANGES and fixes
- dr_mp3 0.7.0: BREAKING API CHANGES and fixes
- dr_wav 0.14.0: BREAKING API CHANGES and fixes
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0^20241216git660795b-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri Apr 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0^20241216git660795b-3
- Update .rpmlintrc file for current rpmlint
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2444310 - CVE-2026-29022 dr_libs: dr_libs: Heap buffer overflow via crafted WAV files [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2444310
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2350c6fd8c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: dnf5-5.4.0.0-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6072c6888a
2026-03-13 00:15:54.963939+00:00
--------------------------------------------------------------------------------
Name : dnf5
Product : Fedora 44
Version : 5.4.0.0
Release : 2.fc44
URL : https://github.com/rpm-software-management/dnf5
Summary : Command-line package manager
Description :
DNF5 is a command-line package manager that automates the process of installing,
upgrading, configuring, and removing computer programs in a consistent manner.
It supports RPM packages, modulemd modules, and comps groups & environments.
--------------------------------------------------------------------------------
Update Information:
This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an
unknown locale from a D-Bus client.
Update to upstream release 5.4.0.0. Full changelog.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 10 2026 Petr Pisar [ppisar@redhat.com] - 5.4.0.0-2
- Fix a crash in dnf5daemon-server when receiving an unknown locale from
a D-Bus client (CVE-2026-3836) (bug #2445771)
* Mon Mar 2 2026 Petr Pisar [ppisar@redhat.com] - 5.4.0.0-1
- Fix segmentation fault in bash completion (bug #2443105)
* Thu Feb 19 2026 Petr Pisar [ppisar@redhat.com] - 5.4.0.0-1
- Honor localpkg_gpgcheck in RPM transaction per-element policy (bug #2440722)
* Tue Feb 17 2026 Packit [hello@packit.dev] - 5.4.0.0-1
- Update to version 5.4.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2445770 - CVE-2026-3836 dnf5: dnf5: Denial of Service via path traversal in D-Bus locale configuration
https://bugzilla.redhat.com/show_bug.cgi?id=2445770
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6072c6888a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: task-3.4.2-3.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-04f13ba6d8
2026-03-13 00:15:54.963716+00:00
--------------------------------------------------------------------------------
Name : task
Product : Fedora 44
Version : 3.4.2
Release : 3.fc44
URL : https://taskwarrior.org
Summary : Taskwarrior - a command-line TODO list manager
Description :
Taskwarrior is a command-line TODO list manager. It is flexible, fast,
efficient, unobtrusive, does its job then gets out of your way.
Taskwarrior scales to fit your workflow. Use it as a simple app that captures
tasks, shows you the list, and removes tasks from that list. Leverage its
capabilities though, and it becomes a sophisticated data query tool that can
help you stay organized, and get through your work.
--------------------------------------------------------------------------------
Update Information:
Update to new release, includes updated dependencies that fix for a number of
CVEs
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 4 2026 Ankur Sinha (Ankur Sinha Gmail) [sanjay.ankur@gmail.com] - 3.4.2-3
- fix: remove Cargo.lock (fixes rh#2438090, rh#2438156 rh#2444169,
rh#2444179, rh#2444189)
* Wed Mar 4 2026 Ankur Sinha (Ankur Sinha Gmail) [sanjay.ankur@gmail.com] - 3.4.2-2
- fix: regenerate with updated vendored crates (fixes rh#2438090,
rh#2438156 rh#2444169, rh#2444179, rh#2444189)
* Wed Mar 4 2026 Ankur Sinha (Ankur Sinha Gmail) [sanjay.ankur@gmail.com] - 3.4.2-1
- feat: update to 3.4.2 (fixes rh#2405583)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2438090 - CVE-2026-25727 task: time affected by a stack exhaustion denial of service attack [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2438090
[ 2 ] Bug #2438156 - CVE-2026-25727 task: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438156
[ 3 ] Bug #2444169 - CVE-2026-3338 task: AWS-LC: Signature bypass due to improper validation in PKCS7_verify() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444169
[ 4 ] Bug #2444179 - CVE-2026-3337 task: AWS-LC: Information disclosure via timing discrepancy in AES-CCM decryption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444179
[ 5 ] Bug #2444189 - CVE-2026-3336 task: aws-lc: Certificate validation bypass via improper handling of PKCS7 objects [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444189
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-04f13ba6d8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: strongswan-6.0.4-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a1bc6c7e62
2026-03-13 00:15:54.963764+00:00
--------------------------------------------------------------------------------
Name : strongswan
Product : Fedora 44
Version : 6.0.4
Release : 2.fc44
URL : https://www.strongswan.org/
Summary : An OpenSource IPsec-based VPN and TNC solution
Description :
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel.
--------------------------------------------------------------------------------
Update Information:
Update to 6.0.4
Update to address CVE-2025-9615 and CVE-2025-62291
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 4 2026 Petr Men????k [pemensik@redhat.com] - 6.0.4-2
- Fix subpackages dependencies
* Wed Mar 4 2026 Paul Wouters [paul.wouters@aiven.io] - 6.0.4-1
- Update to 6.0.4 for CVE-2025-9615 and CVE-2025-62291
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2312429 - strongswan-6.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2312429
[ 2 ] Bug #2406574 - strongswan-6.0.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406574
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a1bc6c7e62' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: easyrpg-player-0.8.1.1-5.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f96e9bd006
2026-03-13 00:15:54.963710+00:00
--------------------------------------------------------------------------------
Name : easyrpg-player
Product : Fedora 44
Version : 0.8.1.1
Release : 5.fc44
URL : https://easyrpg.org
Summary : Game interpreter for RPG Maker 2000/2003 and EasyRPG games
Description :
EasyRPG Player is a game interpreter for RPG Maker 2000/2003 and EasyRPG games.
To play a game, run the "easyrpg-player" executable inside
a RPG Maker 2000/2003 game project folder (same place as RPG_RT.exe).
--------------------------------------------------------------------------------
Update Information:
Rebuilt with updated dr_wav to fix CVE-2026-29022
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 4 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.1.1-5
- Rebuilt with updated dr_wav to fix CVE-2026-29022
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f96e9bd006' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: python3.12-3.12.13-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-05d833765a
2026-03-13 00:15:54.963676+00:00
--------------------------------------------------------------------------------
Name : python3.12
Product : Fedora 44
Version : 3.12.13
Release : 1.fc44
URL : https://www.python.org/
Summary : Version 3.12 of the Python interpreter
Description :
Python 3.12 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.12 package provides the "python3.12" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.12-libs package,
which should be installed automatically along with python3.12.
The remaining parts of the Python standard library are broken out into the
python3.12-tkinter and python3.12-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.12-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.12-" prefix.
--------------------------------------------------------------------------------
Update Information:
Update to 3.12.13
Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and
CVE-2025-15367
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 3 2026 Tom???? Hrn??iar [thrnciar@redhat.com] - 3.12.13-1
- Update to 3.12.13
* Fri Feb 6 2026 Tom???? Hrn??iar [thrnciar@redhat.com] - 3.12.12-4
- Security fixes for CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-05d833765a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: udisks2-2.11.1-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8847e1e2c
2026-03-13 00:15:54.963665+00:00
--------------------------------------------------------------------------------
Name : udisks2
Product : Fedora 44
Version : 2.11.1
Release : 1.fc44
URL : https://github.com/storaged-project/udisks
Summary : Disk Manager
Description :
The Udisks project provides a daemon, tools and libraries to access and
manipulate disks, storage devices and technologies.
--------------------------------------------------------------------------------
Update Information:
Rebase to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 25 2026 Tomas Bzatek [tbzatek@redhat.com] - 2.11.1-1
- Version 2.11.1 (#2442584,#2442588)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2442584 - CVE-2026-26103 udisks2: Missing Authorization Check Allows Unprivileged Users to Restore LUKS Headers via udisks D-Bus API [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2442584
[ 2 ] Bug #2442588 - CVE-2026-26104 udisks2: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2442588
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8847e1e2c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: libmaxminddb-1.13.1-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-814fe58971
2026-03-13 00:15:54.963620+00:00
--------------------------------------------------------------------------------
Name : libmaxminddb
Product : Fedora 44
Version : 1.13.1
Release : 1.fc44
URL : https://maxmind.github.io/libmaxminddb/
Summary : C library for reading MaxMind DB files
Description :
The libmaxminddb library provides a C library for reading MaxMind DB
files, including the GeoIP2 databases from MaxMind. This is a custom
binary format designed to facilitate fast lookups of IP addresses
while allowing for great flexibility in the type of data associated
with an address.
The MaxMind DB format is an open file format. The specification is
available at https://maxmind.github.io/MaxMind-DB/ and licensed under
the Creative Commons Attribution-ShareAlike 3.0 Unported License.
--------------------------------------------------------------------------------
Update Information:
libmaxminddb 1.13.1
Re-release for Ubuntu PPA, no code changes.
libmaxminddb 1.13.0
MMDB_get_entry_data_list() now validates that the claimed array/map size is
plausible given the remaining bytes in the data section. A crafted database
could previously claim millions of array elements while only having a few
bytes of data, causing disproportionate memory allocation (memory
amplification DoS).
Fixed integer overflow in MMDB_read_node() and find_ipv4_start_node()
pointer arithmetic. The node_number * record_length multiplication was
performed in uint32_t, which could overflow for very large databases. Now
cast to uint64_t before multiplying, matching the pattern already used in
find_address_in_search_tree().
Fixed printf format specifier mismatches in mmdblookup's metadata dump. %i
was used for unsigned types and %llu for uint64_t, which is technically
undefined behavior. Now uses the portable PRIu32, PRIu16, and PRIu64
macros from .
Fixed an integer overflow in the search tree bounds check in
find_address_in_search_tree(). The addition of node_count and
data_section_size was performed in uint32_t arithmetic, which could wrap
on very large databases, causing valid lookups to be incorrectly rejected as
corrupt.
Fixed a NULL pointer dereference in mmdblookup when displaying metadata for
a database with an out-of-range build_epoch. The gmtime() return value is
now checked before passing to strftime().
MMDB_close() now NULLs the file_content, data_section, and
metadata_section pointers and zeroes file_size, data_section_size, and
metadata_section_size after unmapping. Previously, calling MMDB_close()
twice on the same struct (or calling it after a failed MMDB_open() that
succeeded at mapping) would double-munmap the file content, which is undefined
behavior.
Fixed a stack buffer overflow in print_indentation() when
MMDB_dump_entry_data_list() was called with a negative indent value. The
negative integer was cast to size_t, producing a massive value passed to
memset(). Negative indent values are now clamped to 0.
MMDB_lookup_string() now sets *mmdb_error to MMDB_SUCCESS when
getaddrinfo fails (non-zero *gai_error). Previously, *mmdb_error was
left uninitialized in this case, which could cause callers to read an
indeterminate value.
Added a recursion depth limit to skip_map_or_array(), matching the existing
MAXIMUM_DATA_STRUCTURE_DEPTH (512) limit already used by
get_entry_data_list(). A crafted MMDB file with deeply nested maps or arrays
could previously cause a stack overflow via unbounded recursion in the
MMDB_aget_value / MMDB_get_value code path.
Fixed an off-by-one error in MMDB_read_node() that allowed reading one node
past the end of the search tree when called with node_number == node_count.
This caused the function to read from the data section separator and return an
invalid record with an underflowed data offset. The check now correctly
rejects node_number >= node_count.
The handling of float and double types was rewritten to fix compiler errors
and to eliminate the use of volatile.
Improved endian preprocessor check if MMDB_LITTLE_ENDIAN is not set.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 25 2026 Robert Scheck [robert@fedoraproject.org] 1.13.1-1
- Upgrade to 1.13.1 (#2442507)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2442507 - libmaxminddb-1.13.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2442507
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-814fe58971' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
