Fedora 42 Update: perl-HarfBuzz-Shaper-0.033-1.fc42
Fedora 43 Update: python-tinycss2-1.5.1-1.fc43
Fedora 43 Update: weasyprint-68.0-1.fc43
Fedora 43 Update: perl-HarfBuzz-Shaper-0.033-2.fc43
[SECURITY] Fedora 42 Update: perl-HarfBuzz-Shaper-0.033-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2a6cbb84d6
2026-01-29 01:10:22.447721+00:00
--------------------------------------------------------------------------------
Name : perl-HarfBuzz-Shaper
Product : Fedora 42
Version : 0.033
Release : 1.fc42
URL : https://metacpan.org/release/HarfBuzz-Shaper
Summary : Access to a small subset of the native HarfBuzz library
Description :
HarfBuzz::Shaper is a perl module that provides access to a small
subset of the native HarfBuzz library.
The subset is suitable for typesetting programs that need to deal with
complex languages like Devanagari.
This module is intended to be used with module L.
--------------------------------------------------------------------------------
Update Information:
Upgrade to upstream. Eliminates distributing harfbuzz sources.
Upgrade to upstream 0.032.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 20 2026 Johan Vromans [jvromans@squirrel.nl] - 0.033-1
- Upgrade to upstream. Eliminates distributing harfbuzz sources.
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.032-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Jan 14 2026 Johan Vromans [jvromans@squirrel.nl] - 0.032-1
- Upgrade to upstream 0.032. Upgrade embedded harfbuzz to 12.3.0 to fix
CVE-2026-22693.
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.028-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jul 7 2025 Jitka Plesnikova [jplesnik@redhat.com] - 0.028-2
- Perl 5.42 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2342927 - perl-HarfBuzz-Shaper-0.033 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2342927
[ 2 ] Bug #2429296 - CVE-2026-22693 perl-HarfBuzz-Shaper: Null Pointer Dereference in harfbuzz [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429296
[ 3 ] Bug #2430874 - CVE-2026-0943 perl-HarfBuzz-Shaper: HarfBuzz::Shaper null pointer dereference vulnerability [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430874
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2a6cbb84d6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python-tinycss2-1.5.1-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f59e87ad88
2026-01-29 00:55:04.138850+00:00
--------------------------------------------------------------------------------
Name : python-tinycss2
Product : Fedora 43
Version : 1.5.1
Release : 1.fc43
URL : https://www.courtbouillon.org/tinycss2/
Summary : Low-level CSS parser for Python
Description :
tinycss2 is a modern, low-level CSS parser for Python. tinycss2 is a rewrite of
tinycss with a simpler API, based on the more recent CSS Syntax Level 3
specification.
--------------------------------------------------------------------------------
Update Information:
update to new upstream version including a fix for CVE-2025-68616
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 23 2025 Felix Schwarz [fschwarz@fedoraproject.org] - 1.5.1-1
- update to 1.5.1
* Wed Nov 19 2025 Felix Schwarz [fschwarz@fedoraproject.org] - 1.5.0-1
- update to 1.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2416619 - python-tinycss2-1.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2416619
[ 2 ] Bug #2430927 - CVE-2025-68616 weasyprint: WeasyPrint Server-Side Request Forgery (SSRF) [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430927
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f59e87ad88' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: weasyprint-68.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f59e87ad88
2026-01-29 00:55:04.138850+00:00
--------------------------------------------------------------------------------
Name : weasyprint
Product : Fedora 43
Version : 68.0
Release : 1.fc43
URL : https://weasyprint.org
Summary : Utility to render HTML and CSS to PDF
Description :
WeasyPrint can render HTML and CSS to PDF. It aims to support web standards
for printing.
--------------------------------------------------------------------------------
Update Information:
update to new upstream version including a fix for CVE-2025-68616
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 20 2026 Felix Schwarz [fschwarz@fedoraproject.org] - 68.0-1
- update to 68.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2416619 - python-tinycss2-1.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2416619
[ 2 ] Bug #2430927 - CVE-2025-68616 weasyprint: WeasyPrint Server-Side Request Forgery (SSRF) [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430927
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f59e87ad88' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: perl-HarfBuzz-Shaper-0.033-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2b5249b4b6
2026-01-29 00:55:04.138829+00:00
--------------------------------------------------------------------------------
Name : perl-HarfBuzz-Shaper
Product : Fedora 43
Version : 0.033
Release : 2.fc43
URL : https://metacpan.org/release/HarfBuzz-Shaper
Summary : Access to a small subset of the native HarfBuzz library
Description :
HarfBuzz::Shaper is a perl module that provides access to a small
subset of the native HarfBuzz library.
The subset is suitable for typesetting programs that need to deal with
complex languages like Devanagari.
This module is intended to be used with module L.
--------------------------------------------------------------------------------
Update Information:
Merge branch 'rawhide' into f43
Upgrade to upstream 0.032 to fix CVE-2026-22693.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 20 2026 Johan Vromans [jvromans@squirrel.nl] - 0.033-1
- Upgrade to upstream. Eliminates distributing harfbuzz sources.
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.032-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Jan 14 2026 Johan Vromans [jvromans@squirrel.nl] - 0.032-1
- Upgrade to upstream 0.032. Upgrade embedded harfbuzz to 12.3.0 to fix
CVE-2026-22693.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2342927 - perl-HarfBuzz-Shaper-0.033 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2342927
[ 2 ] Bug #2429296 - CVE-2026-22693 perl-HarfBuzz-Shaper: Null Pointer Dereference in harfbuzz [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429296
[ 3 ] Bug #2430874 - CVE-2026-0943 perl-HarfBuzz-Shaper: HarfBuzz::Shaper null pointer dereference vulnerability [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2430874
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2b5249b4b6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
