Fedora 43 Update: tbtools-0.7.0-2.fc43
Fedora 43 Update: rust-wiremix-0.7.0-3.fc43
Fedora 43 Update: rust-speakersafetyd-1.0.2-6.fc43
Fedora 43 Update: rust-sequoia-octopus-librnp-1.11.1-5.fc43
Fedora 43 Update: rust-resctl-demo-2.2.5-9.fc43
Fedora 43 Update: rust-redlib-0.35.1-10.fc43
Fedora 43 Update: rust-rd-agent-2.2.5-14.fc43
Fedora 43 Update: rust-pore-0.1.17-11.fc43
Fedora 43 Update: rust-pleaser-0.5.6-6.fc43
Fedora 43 Update: rust-procs-0.14.10-7.fc43
Fedora 43 Update: rust-nu-0.99.1-16.fc43
Fedora 43 Update: rust-monitord-0.12.1-6.fc43
Fedora 43 Update: rust-jsonwebtoken-9.3.1-4.fc43
Fedora 43 Update: rust-gst-plugin-reqwest-0.14.3-3.fc43
Fedora 43 Update: rust-crypto-auditing-agent-0.2.4-3.fc43
Fedora 43 Update: tuigreet-0.9.1-7.fc43
Fedora 43 Update: sad-0.4.32-4.fc43
Fedora 43 Update: rust-weezl-0.1.12-3.fc43
Fedora 43 Update: rust-ambient-id-0.0.8-1.fc43
Fedora 43 Update: uv-0.9.30-2.fc43
Fedora 43 Update: rust-time-macros-0.2.27-1.fc43
Fedora 43 Update: maturin-1.9.6-4.fc43
Fedora 43 Update: rustup-1.28.2-8.fc43
Fedora 43 Update: rust-time-0.3.47-2.fc43
Fedora 43 Update: rust-bat-0.25.0-9.fc43
Fedora 43 Update: rust-ybaas-0.0.19-6.fc43
Fedora 43 Update: mirrorlist-server-3.0.8-3.fc43
Fedora 43 Update: rust-tokei-14.0.0-4.fc43
Fedora 43 Update: helix-25.07.1-7.fc43
Fedora 43 Update: rust-time-core-0.1.8-1.fc43
Fedora 43 Update: greetd-0.10.3-6.fc43
Fedora 43 Update: rust-tealdeer-1.7.2-4.fc43
Fedora 43 Update: atuin-18.6.1-10.fc43
Fedora 43 Update: rust-snpguest-0.9.2-4.fc43
Fedora 43 Update: rust-shadow-rs-0.8.1-14.fc43
Fedora 43 Update: rust-sigul-pesign-bridge-0.5.0-3.fc43
Fedora 43 Update: rust-sevctl-0.6.2-6.fc43
Fedora 43 Update: rust-sequoia-sq-1.3.1-10.fc43
Fedora 43 Update: rust-sequoia-chameleon-gnupg-0.13.1-9.fc43
Fedora 43 Update: rust-sequoia-keystore-server-0.2.0-6.fc43
Fedora 43 Update: rust-scx_rusty-0.5.4-7.fc43
Fedora 43 Update: rust-scx_rustland-0.0.3-7.fc43
Fedora 43 Update: rust-scx_layered-0.0.6-7.fc43
Fedora 43 Update: rust-sccache-0.13.0-3.fc43
Fedora 43 Update: rust-routinator-0.14.2-4.fc43
Fedora 43 Update: python3.6-3.6.15-52.fc43
Fedora 43 Update: rust-resctl-bench-2.2.5-10.fc43
Fedora 43 Update: rust-rd-hashd-2.2.5-10.fc43
Fedora 43 Update: rust-rbw-1.13.2-5.fc43
Fedora 43 Update: rust-num-conv-0.2.0-1.fc43
Fedora 43 Update: rust-rbspy-0.34.1-4.fc43
Fedora 43 Update: rust-pretty-git-prompt-0.2.2-9.fc43
Fedora 43 Update: rust-lsd-1.2.0-3.fc43
Fedora 43 Update: rust-monitord-exporter-0.4.1-8.fc43
Fedora 43 Update: rust-oo7-cli-0.4.3-4.fc43
Fedora 43 Update: rust-onefetch-2.26.1-7.fc43
Fedora 43 Update: rust-muvm-0.4.1-5.fc43
Fedora 43 Update: rust-ingredients-0.2.2-2.fc43
Fedora 43 Update: rust-git-interactive-rebase-tool-2.4.1-15.fc43
Fedora 43 Update: rust-heatseeker-1.7.3-4.fc43
Fedora 43 Update: rust-gst-plugin-dav1d-0.14.0-3.fc43
Fedora 43 Update: rust-git2-0.20.4-1.fc43
Fedora 43 Update: rust-git-delta-0.18.2-13.fc43
Fedora 43 Update: rust-eif_build-0.2.1-6.fc43
Fedora 43 Update: rust-dua-cli-2.32.2-3.fc43
Fedora 43 Update: rust-crypto-auditing-log-parser-0.2.4-2.fc43
Fedora 43 Update: rust-crypto-auditing-event-broker-0.2.4-2.fc43
Fedora 43 Update: rust-crypto-auditing-client-0.2.4-2.fc43
Fedora 43 Update: rust-cargo-c-0.10.18-3.fc43
Fedora 43 Update: rust-coreos-installer-0.25.0-4.fc43
Fedora 43 Update: rust-btrd-0.5.3-12.fc43
Fedora 43 Update: rust-cargo-deny-0.18.9-4.fc43
Fedora 43 Update: rust-bytes-1.11.1-1.fc43
Fedora 43 Update: rust-busd-0.3.1-6.fc43
Fedora 43 Update: rust-below-0.9.0-6.fc43
Fedora 43 Update: rust-add-determinism-0.6.0-3.fc43
Fedora 43 Update: ntpd-rs-1.6.2-3.fc43
Fedora 43 Update: envision-3.2.0-7.fc43
Fedora 43 Update: rust-app-store-connect-0.5.0-6.fc43
Fedora 43 Update: keylime-agent-rust-0.2.8-10.fc43
Fedora 43 Update: rust-afterburn-5.10.0-3.fc43
Fedora 43 Update: glycin-2.0.5-4.fc43
Fedora 43 Update: bustle-0.13.0-4.fc43
Fedora 43 Update: asciinema-3.0.0-5.fc43
Fedora 43 Update: cef-144.0.11^chromium144.0.7559.109-2.fc43
Fedora 42 Update: python3.6-3.6.15-52.fc42
Fedora 42 Update: cef-144.0.11^chromium144.0.7559.109-2.fc42
Fedora 42 Update: java-21-openjdk-21.0.10.0.7-2.fc42
Fedora 42 Update: java-25-openjdk-25.0.2.0.10-2.fc42
Fedora 42 Update: java-latest-openjdk-26.0.0.0.32-0.0.1.ea.fc42
[SECURITY] Fedora 43 Update: tbtools-0.7.0-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : tbtools
Product : Fedora 43
Version : 0.7.0
Release : 2.fc43
URL : https://github.com/intel/tbtools
Summary : Thunderbolt/USB4 debugging tools
Description :
This is a collection of tools for Linux Thunderbolt/USB4 development, debugging
and validation but may be useful to others as well.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 8 2026 Alexander F. Lent [lx@xanderlent.com] - 0.7.0-2
- Rebuild for RUSTSEC-2026-0009 (dep on rust-time)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-wiremix-0.7.0-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-wiremix
Product : Fedora 43
Version : 0.7.0
Release : 3.fc43
URL : https://crates.io/crates/wiremix
Summary : TUI mixer for PipeWire
Description :
A TUI mixer for PipeWire.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.7.0-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.7.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-speakersafetyd-1.0.2-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-speakersafetyd
Product : Fedora 43
Version : 1.0.2
Release : 6.fc43
URL : https://crates.io/crates/speakersafetyd
Summary : Speaker protection daemon for embedded Linux systems
Description :
Speaker protection daemon for embedded Linux systems.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 1.0.2-6
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-sequoia-octopus-librnp-1.11.1-5.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-octopus-librnp
Product : Fedora 43
Version : 1.11.1
Release : 5.fc43
URL : https://crates.io/crates/sequoia-octopus-librnp
Summary : Reimplementation of RNP's interface using Sequoia for use with Thunderbird
Description :
Reimplementation of RNP's interface using Sequoia for use with
Thunderbird.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 1.11.1-5
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-resctl-demo-2.2.5-9.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-resctl-demo
Product : Fedora 43
Version : 2.2.5
Release : 9.fc43
URL : https://crates.io/crates/resctl-demo
Summary : Guided tour of Linux resource control with live demos
Description :
resctl-demo demonstrates and documents various aspects of resource control
using self-contained workloads in guided scenarios.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 2.2.5-9
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.2.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-redlib-0.35.1-10.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-redlib
Product : Fedora 43
Version : 0.35.1
Release : 10.fc43
URL : https://crates.io/crates/redlib
Summary : Alternative private front-end to Reddit
Description :
Redlib is alternative private front-end to Reddit, with its origins in
Libreddit. Redlib hopes to provide an easier way to browse Reddit, without the
ads, trackers, and bloat.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.35.1-10
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.35.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-rd-agent-2.2.5-14.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-rd-agent
Product : Fedora 43
Version : 2.2.5
Release : 14.fc43
URL : https://crates.io/crates/rd-agent
Summary : Management agent for resctl-demo
Description :
Management agent for resctl-demo.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 2.2.5-14
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.2.5-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-pore-0.1.17-11.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-pore
Product : Fedora 43
Version : 0.1.17
Release : 11.fc43
URL : https://crates.io/crates/pore
Summary : Performance oriented reimplementation of repo
Description :
A performance oriented reimplementation of repo.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.1.17-11
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.1.17-10
- Bump git2 dependency to v0.20
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.1.17-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-pleaser-0.5.6-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-pleaser
Product : Fedora 43
Version : 0.5.6
Release : 6.fc43
URL : https://crates.io/crates/pleaser
Summary : Please, a polite regex-first sudo alternative
Description :
Please, a polite regex-first sudo alternative.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.5.6-6
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.5.6-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-procs-0.14.10-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-procs
Product : Fedora 43
Version : 0.14.10
Release : 7.fc43
URL : https://crates.io/crates/procs
Summary : Modern replacement for ps
Description :
A modern replacement for ps.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.14.10-7
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.14.10-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-nu-0.99.1-16.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-nu
Product : Fedora 43
Version : 0.99.1
Release : 16.fc43
URL : https://crates.io/crates/nu
Summary : New type of shell
Description :
A new type of shell.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.99.1-16
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.99.1-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-monitord-0.12.1-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-monitord
Product : Fedora 43
Version : 0.12.1
Release : 6.fc43
URL : https://crates.io/crates/monitord
Summary : Know how happy your systemd is
Description :
monitord is a library and daemon to gather statistics about systemd.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.12.1-6
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.12.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-jsonwebtoken-9.3.1-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-jsonwebtoken
Product : Fedora 43
Version : 9.3.1
Release : 4.fc43
URL : https://crates.io/crates/jsonwebtoken
Summary : Create and decode JWTs in a strongly typed way
Description :
Create and decode JWTs in a strongly typed way.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 9.3.1-4
- Backport fix for CVE-2026-25537
- Fixes RHBZ#2437470; fixes RHBZ#2437465; fixes RHBZ#2437460
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 9.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-gst-plugin-reqwest-0.14.3-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-gst-plugin-reqwest
Product : Fedora 43
Version : 0.14.3
Release : 3.fc43
URL : https://crates.io/crates/gst-plugin-reqwest
Summary : GStreamer reqwest HTTP Source Plugin
Description :
GStreamer reqwest HTTP Source Plugin.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.14.3-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.14.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-crypto-auditing-agent-0.2.4-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-crypto-auditing-agent
Product : Fedora 43
Version : 0.2.4
Release : 3.fc43
URL : https://crates.io/crates/crypto-auditing-agent
Summary : Event collector agent for crypto-auditing project
Description :
Event collector agent for crypto-auditing project.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.4-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: tuigreet-0.9.1-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : tuigreet
Product : Fedora 43
Version : 0.9.1
Release : 7.fc43
URL : https://github.com/apognu/tuigreet
Summary : Graphical console greeter for greetd
Description :
Graphical console greeter for greetd.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.9.1-7
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.9.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: sad-0.4.32-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : sad
Product : Fedora 43
Version : 0.4.32
Release : 4.fc43
URL : https://github.com/ms-jpq/sad
Summary : CLI search and replace tool
Description :
Space Age seD - Batch File Edit tool. It will show you a really nice diff of
proposed changes before you commit them.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.4.32-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.4.32-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-weezl-0.1.12-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-weezl
Product : Fedora 43
Version : 0.1.12
Release : 3.fc43
URL : https://crates.io/crates/weezl
Summary : Fast LZW compression and decompression
Description :
Fast LZW compression and decompression.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.1.12-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.1.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-ambient-id-0.0.8-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-ambient-id
Product : Fedora 43
Version : 0.0.8
Release : 1.fc43
URL : https://crates.io/crates/ambient-id
Summary : Detects ambient OIDC credentials in a variety of environments
Description :
Detects ambient OIDC credentials in a variety of environments.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 3 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.0.8-1
- Update to version 0.0.8
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: uv-0.9.30-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : uv
Product : Fedora 43
Version : 0.9.30
Release : 2.fc43
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package and project manager, written in Rust.
Highlights:
??? A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twine,
virtualenv, and more.
??? 10-100x faster than pip.
??? Provides comprehensive project management, with a universal lockfile.
??? Runs scripts, with support for inline dependency metadata.
??? Installs and manages Python versions.
??? Runs and installs tools published as Python packages.
??? Includes a pip-compatible interface for a performance boost with a familiar
CLI.
??? Supports Cargo-style workspaces for scalable projects.
??? Disk-space efficient, with a global cache for dependency deduplication.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 8 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.30-2
- Rebuilt with jsonwebtoken patched for CVE-2026-25537
- Fixes RHBZ#2437472; fixes RHBZ#2437467; fixes RHBZ#2437461
* Thu Feb 5 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.30-1
- Update to 0.9.30 (close RHBZ#2437002)
* Wed Feb 4 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.29-1
- Update to 0.9.29 (close RHBZ#2436550)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: rust-time-macros-0.2.27-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-time-macros
Product : Fedora 43
Version : 0.2.27
Release : 1.fc43
URL : https://crates.io/crates/time-macros
Summary : Procedural macros for the time crate
Description :
Procedural macros for the time crate.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.27-1
- Update to version 0.2.27; Fixes RHBZ#2428876
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.2.24-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: maturin-1.9.6-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : maturin
Product : Fedora 43
Version : 1.9.6
Release : 4.fc43
URL : https://github.com/PyO3/maturin
Summary : Build and publish Rust crates as Python packages
Description :
Build and publish crates with pyo3, rust-cpython and cffi bindings as
well as rust binaries as python packages.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 1.9.6-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.9.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rustup-1.28.2-8.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rustup
Product : Fedora 43
Version : 1.28.2
Release : 8.fc43
URL : https://github.com/rust-lang/rustup
Summary : Manage multiple rust installations with ease
Description :
Manage multiple rust installations with ease.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 1.28.2-8
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.28.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-time-0.3.47-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-time
Product : Fedora 43
Version : 0.3.47
Release : 2.fc43
URL : https://crates.io/crates/time
Summary : Date and time library
Description :
Date and time library. Fully interoperable with the standard library.
Mostly compatible with #![no_std].
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.3.47-2
- Skip a test that encodes 64-bit memory layout assumptions
* Fri Feb 6 2026 Fabio Valentini [decathorpe@gmail.com] - 0.3.47-1
- Update to version 0.3.47; Fixes RHBZ#2428874
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.3.44-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-bat-0.25.0-9.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-bat
Product : Fedora 43
Version : 0.25.0
Release : 9.fc43
URL : https://crates.io/crates/bat
Summary : Cat(1) clone with wings
Description :
A cat(1) clone with wings.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.25.0-9
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.25.0-8
- Bump git2 dependency to v0.20
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.25.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-ybaas-0.0.19-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-ybaas
Product : Fedora 43
Version : 0.0.19
Release : 6.fc43
URL : https://crates.io/crates/ybaas
Summary : Yubibomb as a service
Description :
Don't you love when you accidentally tap your Yubikey when you have your
IRC client in focus and you send 987947 into Libera? Want to be able to
have that experience without having to reach all the way over to your
laptop's USB port? Don't want the complexity of installing and using the
yubibomb CLI tool? Now you can use yubibomb as a service!
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.0.19-6
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.0.19-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: mirrorlist-server-3.0.8-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : mirrorlist-server
Product : Fedora 43
Version : 3.0.8
Release : 3.fc43
URL : https://github.com/adrianreber/mirrorlist-server
Summary : Mirrorlist Server
Description :
The mirrorlist-server uses the data created by MirrorManager2
( https://github.com/fedora-infra/mirrormanager2) to answer client request for
the "best" mirror.
This implementation of the mirrorlist-server is written in Rust. The original
version of the mirrorlist-server was part of the MirrorManager2 repository and
it is implemented using Python. While moving from Python2 to Python3 one of
the problems was that the data exchange format (Python Pickle) did not support
running the MirrorManager2 backend with Python2 and the mirrorlist frontend
with Python3. To have a Pickle independent data exchange format protobuf was
introduced. The first try to use protobuf in the python mirrorlist
implementation required a lot more memory than the Pickle based implementation
(3.5GB instead of 1.1GB). That is one of the reasons a new mirrorlist-server
implementation was needed.
Another reason to rewrite the mirrorlist-server is its architecture. The
Python based version requires the Apache HTTP server or something that can
run the included wsgi. The wsgi talks over a socket to the actual
mirrorlist-server. In Fedora's MirrorManager2 instance this runs in a container
which runs behind HAProxy. This implementation in Rust directly uses a HTTP
library to reduce the number of involved components.
In addition to being simpler this implementation also requires less memory
than the Python version.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 3.0.8-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.0.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-tokei-14.0.0-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-tokei
Product : Fedora 43
Version : 14.0.0
Release : 4.fc43
URL : https://crates.io/crates/tokei
Summary : Count your code, quickly
Description :
Count your code, quickly.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 14.0.0-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 14.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: helix-25.07.1-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : helix
Product : Fedora 43
Version : 25.07.1
Release : 7.fc43
URL : https://helix-editor.com/
Summary : A post-modern modal text editor written in Rust
Description :
A Kakoune / Neovim inspired editor, written in Rust.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 25.07.1-7
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 25.07.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-time-core-0.1.8-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-time-core
Product : Fedora 43
Version : 0.1.8
Release : 1.fc43
URL : https://crates.io/crates/time-core
Summary : Internal implementation details of the 'time' crate
Description :
Internal implementation details of the 'time' crate.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Fabio Valentini [decathorpe@gmail.com] - 0.1.8-1
- Update to version 0.1.8; Fixes RHBZ#2428875
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.1.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: greetd-0.10.3-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : greetd
Product : Fedora 43
Version : 0.10.3
Release : 6.fc43
URL : https://kl.wtf/projects/greetd
Summary : A generic greeter daemon
Description :
greetd is a minimal and flexible login manager daemon
that makes no assumptions about what you want to launch.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.10.3-6
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.10.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-tealdeer-1.7.2-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-tealdeer
Product : Fedora 43
Version : 1.7.2
Release : 4.fc43
URL : https://crates.io/crates/tealdeer
Summary : Fetch and show tldr help pages for many CLI commands
Description :
Fetch and show tldr help pages for many CLI commands. Full featured
offline client with caching support.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 1.7.2-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.7.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: atuin-18.6.1-10.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : atuin
Product : Fedora 43
Version : 18.6.1
Release : 10.fc43
URL : https://atuin.sh
Summary : Magical shell history
Description :
Atuin replaces your existing shell history with a SQLite database, and records
additional context for your commands. Additionally, it provides optional and
fully encrypted synchronization of your history between machines, via an Atuin
server.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 8 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 18.6.1-10
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-snpguest-0.9.2-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-snpguest
Product : Fedora 43
Version : 0.9.2
Release : 4.fc43
URL : https://crates.io/crates/snpguest
Summary : AMD SEV-SNP guest utility tool
Description :
Navigation utility for AMD SEV-SNP guest environment.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.9.2-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Fri Jan 30 2026 Fabio Valentini [decathorpe@gmail.com] - 0.9.2-3
- Drop unused nix dependency
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.9.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-shadow-rs-0.8.1-14.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-shadow-rs
Product : Fedora 43
Version : 0.8.1
Release : 14.fc43
URL : https://crates.io/crates/shadow-rs
Summary : Build-time information stored in your rust project
Description :
A build-time information stored in your rust project.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.8.1-14
- Bump git2 dependency to v0.20
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.8.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-sigul-pesign-bridge-0.5.0-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-sigul-pesign-bridge
Product : Fedora 43
Version : 0.5.0
Release : 3.fc43
URL : https://crates.io/crates/sigul-pesign-bridge
Summary : Bridge pesign-client requests to a Sigul signing server
Description :
Drop-in replacement for pesign's daemon that bridges pesign-client
requests to a Sigul server.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.5.0-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-sevctl-0.6.2-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-sevctl
Product : Fedora 43
Version : 0.6.2
Release : 6.fc43
URL : https://crates.io/crates/sevctl
Summary : Administrative utility for AMD SEV
Description :
Administrative utility for AMD SEV.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.6.2-6
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.6.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-sequoia-sq-1.3.1-10.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-sq
Product : Fedora 43
Version : 1.3.1
Release : 10.fc43
URL : https://crates.io/crates/sequoia-sq
Summary : Command-line frontends for Sequoia
Description :
Command-line frontends for Sequoia.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 1.3.1-10
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-sequoia-chameleon-gnupg-0.13.1-9.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-chameleon-gnupg
Product : Fedora 43
Version : 0.13.1
Release : 9.fc43
URL : https://crates.io/crates/sequoia-chameleon-gnupg
Summary : Sequoia's reimplementation of the GnuPG interface
Description :
Sequoia's reimplementation of the GnuPG interface.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.13.1-9
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.13.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-sequoia-keystore-server-0.2.0-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-sequoia-keystore-server
Product : Fedora 43
Version : 0.2.0
Release : 6.fc43
URL : https://crates.io/crates/sequoia-keystore-server
Summary : Sequoia keystore daemon
Description :
Sequoia keystore daemon.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.0-6
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-scx_rusty-0.5.4-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-scx_rusty
Product : Fedora 43
Version : 0.5.4
Release : 7.fc43
URL : https://crates.io/crates/scx_rusty
Summary : A multi-domain, BPF / user space hybrid scheduler
Description :
A multi-domain, BPF / user space hybrid scheduler used within sched_ext,
which is a Linux kernel feature which enables implementing kernel thread
schedulers in BPF and dynamically loading them.
https://github.com/sched-ext/scx/tree/main
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.5.4-7
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.5.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-scx_rustland-0.0.3-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-scx_rustland
Product : Fedora 43
Version : 0.0.3
Release : 7.fc43
URL : https://crates.io/crates/scx_rustland
Summary : A simple user-space scheduler written in Rust
Description :
A BPF component (dispatcher) that implements the low level
sched-ext functionalities and a user-space counterpart (scheduler),
written in Rust, that implements the actual scheduling policy.
This is used within sched_ext, which is a Linux kernel feature
which enables implementing kernel thread schedulers in BPF and
dynamically loading them.
https://github.com/sched-ext/scx/tree/main
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.0.3-7
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.0.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-scx_layered-0.0.6-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-scx_layered
Product : Fedora 43
Version : 0.0.6
Release : 7.fc43
URL : https://crates.io/crates/scx_layered
Summary : Configurable multi-layer BPF / user space hybrid scheduler
Description :
A highly configurable multi-layer BPF / user space hybrid scheduler
used within sched_ext, which is a Linux kernel feature which enables
implementing kernel thread schedulers in BPF and dynamically loading
them. https://github.com/sched-ext/scx/tree/main
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.0.6-7
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.0.6-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-sccache-0.13.0-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-sccache
Product : Fedora 43
Version : 0.13.0
Release : 3.fc43
URL : https://crates.io/crates/sccache
Summary : Sccache is a ccache-like tool
Description :
Sccache is a ccache-like tool. It is used as a compiler wrapper and
avoids compilation when possible. Sccache has the capability to utilize
caching in remote storage environments, including various cloud storage
options, or alternatively, in local storage.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.13.0-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-routinator-0.14.2-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-routinator
Product : Fedora 43
Version : 0.14.2
Release : 4.fc43
URL : https://crates.io/crates/routinator
Summary : RPKI relying party software
Description :
An RPKI relying party software.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.14.2-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.14.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python3.6-3.6.15-52.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d68ca022b1
2026-02-10 01:31:32.937514+00:00
--------------------------------------------------------------------------------
Name : python3.6
Product : Fedora 43
Version : 3.6.15
Release : 52.fc43
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python 3.6 package for developers.
This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.6, see other distributions
that support it, such as CentOS or RHEL with Software Collections
or older Fedora releases.
--------------------------------------------------------------------------------
Update Information:
Security fixes for CVE-2026-0865, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.6.15-52
- Security fixes for CVE-2026-0865, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.6.15-51
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Nov 6 2025 Miro Hron??ok [mhroncok@redhat.com] - 3.6.15-50
- On Fedora 44+, split this package into multiple subpackages
- This mimics newer Python versions
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2431631 - CVE-2025-15366 python3.6: IMAP command injection in user-controlled commands [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431631
[ 2 ] Bug #2431655 - CVE-2025-15367 python3.6: POP3 command injection in user-controlled commands [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431655
[ 3 ] Bug #2431845 - CVE-2026-0865 python3.6: wsgiref.headers.Headers allows header newline injection in Python [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2431845
[ 4 ] Bug #2433831 - CVE-2026-1299 python3.6: email header injection due to unquoted newlines [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2433831
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d68ca022b1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: rust-resctl-bench-2.2.5-10.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-resctl-bench
Product : Fedora 43
Version : 2.2.5
Release : 10.fc43
URL : https://crates.io/crates/resctl-bench
Summary : Whole system resource control benchmarks with realistic scenarios
Description :
resctl-bench is a collection of whole-system benchmarks to evaluate resource
control and hardware behaviors using realistic simulated workloads.
Comprehensive resource control involves the whole system. Furthermore, testing
resource control end-to-end requires scenarios involving realistic workloads
and monitoring their interactions. The combination makes benchmarking resource
control challenging and error-prone. It's easy to slip up on a configuration
and testing with real workloads can be tedious and unreliable.
resctl-bench encapsulates the whole process so that resource control benchmarks
can be performed easily and reliably. It verifies and updates system
configurations, reproduces resource contention scenarios with a realistic
latency-sensitive workload simulator and other secondary workloads, analyzes
the resulting system and workload behaviors, and generates easily
understandable reports.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 2.2.5-10
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.2.5-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-rd-hashd-2.2.5-10.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-rd-hashd
Product : Fedora 43
Version : 2.2.5
Release : 10.fc43
URL : https://crates.io/crates/rd-hashd
Summary : Latency-sensitive pseudo workload for resctl-demo
Description :
Latency-sensitive pseudo workload for resctl-demo.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 2.2.5-10
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.2.5-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-rbw-1.13.2-5.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-rbw
Product : Fedora 43
Version : 1.13.2
Release : 5.fc43
URL : https://crates.io/crates/rbw
Summary : Unofficial Bitwarden CLI
Description :
Unofficial Bitwarden CLI.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 1.13.2-5
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.13.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-num-conv-0.2.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-num-conv
Product : Fedora 43
Version : 0.2.0
Release : 1.fc43
URL : https://crates.io/crates/num-conv
Summary : Num_conv is a crate to convert between integer types without using as casts
Description :
`num_conv` is a crate to convert between integer types without using
`as` casts. This provides better certainty when refactoring, makes the
exact behavior of code more explicit, and allows using turbofish syntax.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.0-1
- Update to version 0.2.0; Fixes RHBZ#2391411
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-rbspy-0.34.1-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-rbspy
Product : Fedora 43
Version : 0.34.1
Release : 4.fc43
URL : https://crates.io/crates/rbspy
Summary : Sampling CPU profiler for Ruby
Description :
Sampling CPU profiler for Ruby.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.34.1-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.34.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-pretty-git-prompt-0.2.2-9.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-pretty-git-prompt
Product : Fedora 43
Version : 0.2.2
Release : 9.fc43
URL : https://crates.io/crates/pretty-git-prompt
Summary : Your current git repository information inside a beautiful shell prompt
Description :
Your current git repository information inside a beautiful shell prompt.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.2-9
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.2-8
- Bump git2 dependency to v0.20
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.2.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-lsd-1.2.0-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-lsd
Product : Fedora 43
Version : 1.2.0
Release : 3.fc43
URL : https://crates.io/crates/lsd
Summary : Ls command with a lot of pretty colors and some other stuff
Description :
An ls command with a lot of pretty colors and some other stuff.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 1.2.0-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-monitord-exporter-0.4.1-8.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-monitord-exporter
Product : Fedora 43
Version : 0.4.1
Release : 8.fc43
URL : https://crates.io/crates/monitord-exporter
Summary : Let Prometheus know how happy your systemd is
Description :
monitord-exporter is a Prometheus exporter using monitord to export statistic to Prometheus collectors.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.4.1-8
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.4.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-oo7-cli-0.4.3-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-oo7-cli
Product : Fedora 43
Version : 0.4.3
Release : 4.fc43
URL : https://crates.io/crates/oo7-cli
Summary : System keyring access from the terminal
Description :
System keyring access from the terminal.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.4.3-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.4.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-onefetch-2.26.1-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-onefetch
Product : Fedora 43
Version : 2.26.1
Release : 7.fc43
URL : https://crates.io/crates/onefetch
Summary : Command-line Git information tool
Description :
Command-line Git information tool.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 2.26.1-7
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.26.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-muvm-0.4.1-5.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-muvm
Product : Fedora 43
Version : 0.4.1
Release : 5.fc43
URL : https://crates.io/crates/muvm
Summary : Run programs from your system in a microVM
Description :
Run programs from your system in a microVM.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.4.1-5
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.4.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-ingredients-0.2.2-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-ingredients
Product : Fedora 43
Version : 0.2.2
Release : 2.fc43
URL : https://crates.io/crates/ingredients
Summary : Check ingredients of published Rust crates
Description :
Check ingredients of published Rust crates.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.2-2
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-git-interactive-rebase-tool-2.4.1-15.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-git-interactive-rebase-tool
Product : Fedora 43
Version : 2.4.1
Release : 15.fc43
URL : https://crates.io/crates/git-interactive-rebase-tool
Summary : Full-featured terminal-based sequence editor for Git interactive rebase
Description :
Full-featured terminal-based sequence editor for Git interactive rebase.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 2.4.1-15
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 2.4.1-14
- Bump git2 dependency to v0.20
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.4.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-heatseeker-1.7.3-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-heatseeker
Product : Fedora 43
Version : 1.7.3
Release : 4.fc43
URL : https://crates.io/crates/heatseeker
Summary : Fast, robust, and portable fuzzy finder
Description :
A fast, robust, and portable fuzzy finder.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 1.7.3-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.7.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-gst-plugin-dav1d-0.14.0-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-gst-plugin-dav1d
Product : Fedora 43
Version : 0.14.0
Release : 3.fc43
URL : https://crates.io/crates/gst-plugin-dav1d
Summary : GStreamer dav1d AV1 decoder Plugin
Description :
GStreamer dav1d AV1 decoder Plugin.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.14.0-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.14.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-git2-0.20.4-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-git2
Product : Fedora 43
Version : 0.20.4
Release : 1.fc43
URL : https://crates.io/crates/git2
Summary : Bindings to libgit2 for interoperating with git repositories
Description :
Bindings to libgit2 for interoperating with git repositories. This
library is both threadsafe and memory safe and allows both reading and
writing git repositories.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Fabio Valentini [decathorpe@gmail.com] - 0.20.4-1
- Update to version 0.20.4; Fixes RHBZ#2436014
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.20.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-git-delta-0.18.2-13.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-git-delta
Product : Fedora 43
Version : 0.18.2
Release : 13.fc43
URL : https://crates.io/crates/git-delta
Summary : Syntax-highlighting pager for git
Description :
A syntax-highlighting pager for git.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.18.2-13
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.18.2-12
- Bump git2 dependency to v0.20
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.18.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-eif_build-0.2.1-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-eif_build
Product : Fedora 43
Version : 0.2.1
Release : 6.fc43
URL : https://crates.io/crates/eif_build
Summary : CLI tool to create EIF files for AWS Nitro Enclaves
Description :
This CLI tool provides a low level path to assemble an enclave image
format (EIF) file used in AWS Nitro Enclaves.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.1-6
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.2.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-dua-cli-2.32.2-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-dua-cli
Product : Fedora 43
Version : 2.32.2
Release : 3.fc43
URL : https://crates.io/crates/dua-cli
Summary : Tool to conveniently learn about the disk usage of directories
Description :
A tool to conveniently learn about the disk usage of directories, fast!.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 2.32.2-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.32.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-crypto-auditing-log-parser-0.2.4-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-crypto-auditing-log-parser
Product : Fedora 43
Version : 0.2.4
Release : 2.fc43
URL : https://crates.io/crates/crypto-auditing-log-parser
Summary : Event log parser for crypto-auditing project
Description :
Event log parser for crypto-auditing project.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.4-2
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-crypto-auditing-event-broker-0.2.4-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-crypto-auditing-event-broker
Product : Fedora 43
Version : 0.2.4
Release : 2.fc43
URL : https://crates.io/crates/crypto-auditing-event-broker
Summary : Event broker for crypto-auditing project
Description :
Event broker for crypto-auditing project.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.4-2
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-crypto-auditing-client-0.2.4-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-crypto-auditing-client
Product : Fedora 43
Version : 0.2.4
Release : 2.fc43
URL : https://crates.io/crates/crypto-auditing-client
Summary : Event broker client for crypto-auditing project
Description :
Event broker client for crypto-auditing project.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.4-2
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-cargo-c-0.10.18-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-cargo-c
Product : Fedora 43
Version : 0.10.18
Release : 3.fc43
URL : https://crates.io/crates/cargo-c
Summary : Helper program to build and install c-like libraries
Description :
Helper program to build and install c-like libraries.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.10.18-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.10.18-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-coreos-installer-0.25.0-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-coreos-installer
Product : Fedora 43
Version : 0.25.0
Release : 4.fc43
URL : https://crates.io/crates/coreos-installer
Summary : Installer for Fedora CoreOS and RHEL CoreOS
Description :
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal
machines (or, occasionally, to virtual machines).
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.25.0-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.25.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-btrd-0.5.3-12.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-btrd
Product : Fedora 43
Version : 0.5.3
Release : 12.fc43
URL : https://crates.io/crates/btrd
Summary : Btrfs debugger
Description :
The btrfs debugger.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.5.3-12
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-cargo-deny-0.18.9-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-cargo-deny
Product : Fedora 43
Version : 0.18.9
Release : 4.fc43
URL : https://crates.io/crates/cargo-deny
Summary : Cargo plugin to help you manage large dependency graphs
Description :
Cargo plugin to help you manage large dependency graphs.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.18.9-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.18.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-bytes-1.11.1-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-bytes
Product : Fedora 43
Version : 1.11.1
Release : 1.fc43
URL : https://crates.io/crates/bytes
Summary : Types and traits for working with bytes
Description :
Types and traits for working with bytes.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Fabio Valentini [decathorpe@gmail.com] - 1.11.1-1
- Update to version 1.11.1; Fixes RHBZ#2436335
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.11.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-busd-0.3.1-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-busd
Product : Fedora 43
Version : 0.3.1
Release : 6.fc43
URL : https://crates.io/crates/busd
Summary : D-Bus bus (broker) implementation
Description :
A D-Bus bus (broker) implementation.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.3.1-6
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.3.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-below-0.9.0-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-below
Product : Fedora 43
Version : 0.9.0
Release : 6.fc43
URL : https://crates.io/crates/below
Summary : Interactive tool to view and record historical system data
Description :
below is an interactive tool to view and record historical system data. It has
support for:
- information regarding hardware resource utilization
- viewing the cgroup hierarchy
- cgroup and process information
- pressure stall information (PSI)
- record mode to record system data
- replay mode to replay historical system data
- live mode to view live system data
- dump subcommand to report script-friendly information (e.g. JSON and CSV)
below does not have support for cgroup1.
The name "below" stems from the fact that the below developers rejected many of
atop's design and style decisions.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.9.0-6
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.9.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-add-determinism-0.6.0-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-add-determinism
Product : Fedora 43
Version : 0.6.0
Release : 3.fc43
URL : https://crates.io/crates/add-determinism
Summary : RPM buildroot helper to strip nondeterministic bits in files
Description :
RPM buildroot helper to strip nondeterministic bits in files.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.6.0-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: ntpd-rs-1.6.2-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : ntpd-rs
Product : Fedora 43
Version : 1.6.2
Release : 3.fc43
URL : https://github.com/pendulum-project/ntpd-rs
Summary : Full-featured implementation of NTP with NTS support
Description :
Full-featured implementation of NTP with NTS support.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 1.6.2-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.6.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: envision-3.2.0-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : envision
Product : Fedora 43
Version : 3.2.0
Release : 7.fc43
URL : https://gitlab.com/gabmus/envision
Summary : UI for building, configuring, and running Monado/WiVRn
Description :
UI for building, configuring, and running Monado, the open source
OpenXR runtime.
This is still highly experimental software, while it's unlikely that
anything bad will happen, it's still unstable and there is no guarantee
that it will work on your system, with your particular hardware. If you
encounter any problems while using the app, make sure to open an issue.
Also consider that due to the unstable nature of the app, it's possible
to encounter unexpected behavior that while in VR might cause motion
sickness or physical injury. Be very careful while in VR using this app!
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Jonathan Steffan [jsteffan@fedoraproject.org] - 3.2.0-7
- Update wivrn build Requires.
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 3.2.0-6
- Bump git2 dependency to 0.20 and simplify packaging
* Thu Jan 29 2026 Nicolas Chauvet [kwizart@gmail.com] - 3.2.0-5
- Add FTBFS for https://gitlab.com/gabmus/envision/-/issues/256
* Thu Jan 29 2026 Nicolas Chauvet [kwizart@gmail.com] - 3.2.0-4
- Rebuilt for OpenCV 4.13
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-app-store-connect-0.5.0-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-app-store-connect
Product : Fedora 43
Version : 0.5.0
Release : 6.fc43
URL : https://crates.io/crates/app-store-connect
Summary : Apple App Store Connect API and client
Description :
Apple App Store Connect API and client.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 8 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.0-6
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.5.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: keylime-agent-rust-0.2.8-10.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : keylime-agent-rust
Product : Fedora 43
Version : 0.2.8
Release : 10.fc43
URL : https://github.com/keylime/rust-keylime/
Summary : The Keylime agent
Description :
The Keylime agent
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.2.8-10
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: rust-afterburn-5.10.0-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : rust-afterburn
Product : Fedora 43
Version : 5.10.0
Release : 3.fc43
URL : https://crates.io/crates/afterburn
Summary : Simple cloud provider agent
Description :
A simple cloud provider agent.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 5.10.0-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 5.10.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: glycin-2.0.5-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : glycin
Product : Fedora 43
Version : 2.0.5
Release : 4.fc43
URL : https://gitlab.gnome.org/GNOME/glycin
Summary : Sandboxed image rendering
Description :
Sandboxed and extendable image decoding.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 2.0.5-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.0.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Tue Dec 23 2025 Yaakov Selkowitz [yselkowi@redhat.com] - 2.0.5-2
- Disable libheif on RHEL again
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: bustle-0.13.0-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : bustle
Product : Fedora 43
Version : 0.13.0
Release : 4.fc43
URL : https://gitlab.gnome.org/World/bustle
Summary : Visualize D-Bus activity
Description :
Bustle draws sequence diagrams of D-Bus activity, showing signal
emissions, method calls and their corresponding returns, with timestamps
for each individual event and the duration of each method call. This can
help you check for unwanted D-Bus traffic, and pinpoint why your
D-Bus-based application isn't performing as well as you like. It also
provides statistics like signal frequencies and average method call
times.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 0.13.0-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.13.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.13.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: asciinema-3.0.0-5.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f400579a21
2026-02-10 01:31:32.937525+00:00
--------------------------------------------------------------------------------
Name : asciinema
Product : Fedora 43
Version : 3.0.0
Release : 5.fc43
URL : https://asciinema.org
Summary : Terminal session recorder, streamer and player
Description :
asciinema (aka asciinema CLI or asciinema recorder) is a command-line
tool for recording and live streaming terminal sessions.
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini [decathorpe@gmail.com] - 3.0.0-5
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.0.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438149
[ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438158
[ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438164
[ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: cef-144.0.11^chromium144.0.7559.109-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-792b1b7bbd
2026-02-10 01:31:32.937468+00:00
--------------------------------------------------------------------------------
Name : cef
Product : Fedora 43
Version : 144.0.11^chromium144.0.7559.109
Release : 2.fc43
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to Chromium 144.0.7559.109
CVE-2026-1504: Inappropriate implementation in Background Fetch API
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 31 2026 Jan Stan??k [jstanek@redhat.com] - 144.0.11^chromium144.0.7559.109-2
- Update BR for nodejs
* Sat Jan 31 2026 Than Ngo [than@redhat.com] - 144.0.11^chromium144.0.7559.109-1
- Update to 144.0.7559.109
- * CVE-2026-1504: Inappropriate implementation in Background Fetch API
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2435464 - cef-144.0.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2435464
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-792b1b7bbd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: python3.6-3.6.15-52.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f5514402fd
2026-02-10 01:08:32.523437+00:00
--------------------------------------------------------------------------------
Name : python3.6
Product : Fedora 42
Version : 3.6.15
Release : 52.fc42
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python 3.6 package for developers.
This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.6, see other distributions
that support it, such as CentOS or RHEL with Software Collections
or older Fedora releases.
--------------------------------------------------------------------------------
Update Information:
Security fixes for CVE-2026-0865, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2026 Lum??r Balhar [lbalhar@redhat.com] - 3.6.15-52
- Security fixes for CVE-2026-0865, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.6.15-51
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Nov 6 2025 Miro Hron??ok [mhroncok@redhat.com] - 3.6.15-50
- On Fedora 44+, split this package into multiple subpackages
- This mimics newer Python versions
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2431621 - CVE-2025-15366 python3.6: IMAP command injection in user-controlled commands [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431621
[ 2 ] Bug #2431645 - CVE-2025-15367 python3.6: POP3 command injection in user-controlled commands [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431645
[ 3 ] Bug #2431805 - CVE-2026-0865 python3.6: wsgiref.headers.Headers allows header newline injection in Python [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2431805
[ 4 ] Bug #2433821 - CVE-2026-1299 python3.6: email header injection due to unquoted newlines [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2433821
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f5514402fd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: cef-144.0.11^chromium144.0.7559.109-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-24ed079b30
2026-02-10 01:08:32.523402+00:00
--------------------------------------------------------------------------------
Name : cef
Product : Fedora 42
Version : 144.0.11^chromium144.0.7559.109
Release : 2.fc42
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to Chromium 144.0.7559.109
CVE-2026-1504: Inappropriate implementation in Background Fetch API
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 31 2026 Jan Stan??k [jstanek@redhat.com] - 144.0.11^chromium144.0.7559.109-2
- Update BR for nodejs
* Sat Jan 31 2026 Than Ngo [than@redhat.com] - 144.0.11^chromium144.0.7559.109-1
- Update to 144.0.7559.109
- * CVE-2026-1504: Inappropriate implementation in Background Fetch API
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2435464 - cef-144.0.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2435464
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-24ed079b30' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: java-21-openjdk-21.0.10.0.7-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1ad57632f2
2026-02-10 01:08:32.523381+00:00
--------------------------------------------------------------------------------
Name : java-21-openjdk
Product : Fedora 42
Version : 21.0.10.0.7
Release : 2.fc42
URL : http://openjdk.java.net/
Summary : OpenJDK 21 Runtime Environment
Description :
The OpenJDK 21 runtime environment.
--------------------------------------------------------------------------------
Update Information:
January 2026 annual updates
January 2026 security update
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 27 2026 Jiri Vanek [jvanek@redhat.com] - 1:21.0.10.0.7-2
- Adjusted bundled libpng version
* Mon Jan 26 2026 Jiri Vanek [jvanek@redhat.com] - 1:21.0.10.0.7-1
- Udpated to January 2026 CPU
* Mon Jan 26 2026 Jiri Vanek [jvanek@redhat.com] - 1:21.0.9.0.10-3
- Revert "Rebuilt for
https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild"
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1:26.0.0.0.29-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Dec 24 2025 Yaakov Selkowitz [yselkowi@redhat.com] - 1:26.0.0.0.29-2
- Fix ELN build
* Wed Dec 24 2025 Jiri Vanek [jvanek@redhat.com] - 1:26.0.0.0.29-1
- Annual christmas update to jdk26
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1ad57632f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
