Transmission, Nextcloud, Samba, and Core Libraries updates for Fedora

Fedora Linux 9374 Published 2026-06-05 06:37 by Philipp Esselbach

News

[SECURITY] Fedora 44 Update: transmission-4.1.2-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c032fac814
2026-06-05 04:25:00.359120+00:00
--------------------------------------------------------------------------------

Name : transmission
Product : Fedora 44
Version : 4.1.2
Release : 1.fc44
URL : http://www.transmissionbt.com
Summary : A lightweight GTK+ BitTorrent client
Description :
Transmission is a free, lightweight BitTorrent client. It features a
simple, intuitive interface on top on an efficient, cross-platform
back-end.

--------------------------------------------------------------------------------
Update Information:

4.1.2, fix for CVE-2026-38978
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 3 2026 Gwyn Ciesla [gwync@protonmail.com] - 4.1.2-1
- 4.1.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2483871 - transmission-4.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2483871
[ 2 ] Bug #2484367 - CVE-2026-38978 transmission: Transmission: Clickjacking weakness in WebUI and RPC response paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484367
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c032fac814' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: libre-4.8.1-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-837d6ef455
2026-06-05 04:25:00.359060+00:00
--------------------------------------------------------------------------------

Name : libre
Product : Fedora 44
Version : 4.8.1
Release : 1.fc44
URL : https://github.com/baresip/re
Summary : Generic library for real-time communications
Description :
Libre is a generic library for real-time communications with async I/O
support. Features are a SIP stack (RFC 3261), SDP, RTP and RTCP, SRTP and
SRTCP (Secure RTP), DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with
client/server, Websockets, Jitter buffer, async I/O (poll, epoll, select,
kqueue), UDP/TCP/TLS/DTLS transport, JSON parser and Real Time Messaging
Protocol (RTMP).

--------------------------------------------------------------------------------
Update Information:

libre v4.8.1 (2026-05-28)
fmt/pl: add pl_strip_html()
sys/fs: add getpwuid fallback for fs_gethome
tls: remove unused include rsa.h
ice: check source address of incoming application packets
websock: Fix integer overflow in websock_decode() masked frame check
https://github.com/baresip/re/security/advisories/GHSA-hvxv-v2gp-v93h
https://github.com/baresip/baresip/issues/3705
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 28 2026 Robert Scheck [robert@fedoraproject.org] 4.8.1-1
- Upgrade to 4.8.1 (#2482756)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2482756 - libre-4.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2482756
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-837d6ef455' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: python-starlette-0.52.1-2.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3bce8d3f11
2026-06-05 04:25:00.359057+00:00
--------------------------------------------------------------------------------

Name : python-starlette
Product : Fedora 44
Version : 0.52.1
Release : 2.fc44
URL : https://www.starlette.io/
Summary : The little ASGI library that shines
Description :
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building
async web services in Python.

It is production-ready, and gives you the following:

??? A lightweight, low-complexity HTTP web framework.
??? WebSocket support.
??? In-process background tasks.
??? Startup and shutdown events.
??? Test client built on requests.
??? CORS, GZip, Static Files, Streaming responses.
??? Session and Cookie support.
??? 100% test coverage.
??? 100% type annotated codebase.
??? Few hard dependencies.
??? Compatible with asyncio and trio backends.
??? Great overall performance against independent benchmarks.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2026-48710
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 28 2026 Paul Wouters [paul.wouters@aiven.io] - 0.52.1-2
- Backport fix for CVE-2026-48710
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481742 - CVE-2026-48710 starlette: Starlette: Security restriction bypass via malformed HTTP Host header
https://bugzilla.redhat.com/show_bug.cgi?id=2481742
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3bce8d3f11' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: nextcloud-33.0.4-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-30881a5be7
2026-06-05 04:25:00.359051+00:00
--------------------------------------------------------------------------------

Name : nextcloud
Product : Fedora 44
Version : 33.0.4
Release : 1.fc44
URL : http://nextcloud.com
Summary : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.

--------------------------------------------------------------------------------
Update Information:

33.0.4 Release
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 28 2026 Andrew Bauer [zonexpertconsulting@outlook.com] - 33.0.4-1
- 33.0.4 Release RHBZ#2482794
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2467998 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2467998
[ 2 ] Bug #2468008 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2468008
[ 3 ] Bug #2476733 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476733
[ 4 ] Bug #2476734 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476734
[ 5 ] Bug #2482794 - nextcloud-33.0.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2482794
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-30881a5be7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: perl-Cpanel-JSON-XS-4.41-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0a82e80353
2026-06-05 04:25:00.359045+00:00
--------------------------------------------------------------------------------

Name : perl-Cpanel-JSON-XS
Product : Fedora 44
Version : 4.41
Release : 1.fc44
URL : https://metacpan.org/release/Cpanel-JSON-XS
Summary : JSON::XS for Cpanel, fast and correct serializing
Description :
This module converts Perl data structures to JSON and vice versa. Its
primary goal is to be correct and its secondary goal is to be fast. To
reach the latter goal it was written in C.

--------------------------------------------------------------------------------
Update Information:

This update addresses a number of bugs including these security issues:
Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 28 2026 Paul Howarth - 4.41-1
- Update to 4.41
- Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
- Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)
- Fix incr_parse single-quote string delimiter (GH#245)
- Fix a one-byte out-of-bounds heap read reachable via allow_barekey on
truncated input (GH#244)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2484331 - CVE-2026-9334 perl-Cpanel-JSON-XS: perl-Cpanel-JSON-XS: Denial of Service via type confusion with duplicate JSON object keys [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484331
[ 2 ] Bug #2484333 - CVE-2026-9516 perl-Cpanel-JSON-XS: Cpanel::JSON::XS: Denial of Service via UTF-8 BOM prefixed input [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484333
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0a82e80353' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: rubygem-yard-0.9.40-2.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-acefc1fe48
2026-06-05 04:25:00.359020+00:00
--------------------------------------------------------------------------------

Name : rubygem-yard
Product : Fedora 44
Version : 0.9.40
Release : 2.fc44
URL : http://yardoc.org
Summary : Documentation tool for consistent and usable documentation in Ruby
Description :
YARD is a documentation generation tool for the Ruby programming language.
It enables the user to generate consistent, usable documentation that can be
exported to a number of formats very easily, and also supports extending for
custom Ruby constructs such as custom class level definitions.

--------------------------------------------------------------------------------
Update Information:

Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 28 2026 Mamoru TASAKA [mtasaka@fedoraproject.org] - 0.9.40-2
- Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues
- https://github.com/lsegal/yard/security/advisories/GHSA-3jfp-46x4-xgfj
- https://github.com/lsegal/yard/security/advisories/GHSA-pxcc-8665-phx8
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-acefc1fe48' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: rust-sequoia-sq-1.3.1-12.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5c5f4f40a4
2026-06-05 04:25:00.359000+00:00
--------------------------------------------------------------------------------

Name : rust-sequoia-sq
Product : Fedora 44
Version : 1.3.1
Release : 12.fc44
URL : https://crates.io/crates/sequoia-sq
Summary : Command-line frontends for Sequoia
Description :
Command-line frontends for Sequoia.

--------------------------------------------------------------------------------
Update Information:

Update the sequoia-wot crate to version 0.15.2.
Update the sequoia-keystore crate to version 0.7.3.
This includes a rebuild of all dependent applications to address three low-
severity security vulnerabilities in sequoia-wot:
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2026 Fabio Valentini [decathorpe@gmail.com] - 1.3.1-12
- Bump sequoia-wot dependency from 0.14 to 0.15
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2356514 - Package NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=2356514
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5c5f4f40a4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: rust-sequoia-wot-0.15.2-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5c5f4f40a4
2026-06-05 04:25:00.359000+00:00
--------------------------------------------------------------------------------

Name : rust-sequoia-wot
Product : Fedora 44
Version : 0.15.2
Release : 1.fc44
URL : https://crates.io/crates/sequoia-wot
Summary : Implementation of OpenPGP's web of trust
Description :
An implementation of OpenPGP's web of trust.

--------------------------------------------------------------------------------
Update Information:

Update the sequoia-wot crate to version 0.15.2.
Update the sequoia-keystore crate to version 0.7.3.
This includes a rebuild of all dependent applications to address three low-
severity security vulnerabilities in sequoia-wot:
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2026 Fabio Valentini [decathorpe@gmail.com] - 0.15.2-1
- Update to version 0.15.2; Fixes RHBZ#2382386
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2356514 - Package NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=2356514
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5c5f4f40a4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: rust-sequoia-chameleon-gnupg-0.13.1-13.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5c5f4f40a4
2026-06-05 04:25:00.359000+00:00
--------------------------------------------------------------------------------

Name : rust-sequoia-chameleon-gnupg
Product : Fedora 44
Version : 0.13.1
Release : 13.fc44
URL : https://crates.io/crates/sequoia-chameleon-gnupg
Summary : Sequoia's reimplementation of the GnuPG interface
Description :
Sequoia's reimplementation of the GnuPG interface.

--------------------------------------------------------------------------------
Update Information:

Update the sequoia-wot crate to version 0.15.2.
Update the sequoia-keystore crate to version 0.7.3.
This includes a rebuild of all dependent applications to address three low-
severity security vulnerabilities in sequoia-wot:
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2026 Fabio Valentini [decathorpe@gmail.com] - 0.13.1-13
- Bump sequoia-wot dependency from 0.14 to 0.15
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2356514 - Package NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=2356514
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5c5f4f40a4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: rust-sequoia-octopus-librnp-1.11.1-7.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5c5f4f40a4
2026-06-05 04:25:00.359000+00:00
--------------------------------------------------------------------------------

Name : rust-sequoia-octopus-librnp
Product : Fedora 44
Version : 1.11.1
Release : 7.fc44
URL : https://crates.io/crates/sequoia-octopus-librnp
Summary : Reimplementation of RNP's interface using Sequoia for use with Thunderbird
Description :
Reimplementation of RNP's interface using Sequoia for use with
Thunderbird.

--------------------------------------------------------------------------------
Update Information:

Update the sequoia-wot crate to version 0.15.2.
Update the sequoia-keystore crate to version 0.7.3.
This includes a rebuild of all dependent applications to address three low-
severity security vulnerabilities in sequoia-wot:
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2026 Fabio Valentini [decathorpe@gmail.com] - 1.11.1-7
- Bump sequoia-wot dependency from 0.14 to 0.15
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2356514 - Package NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=2356514
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5c5f4f40a4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: rust-sequoia-sop-0.37.3-4.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5c5f4f40a4
2026-06-05 04:25:00.359000+00:00
--------------------------------------------------------------------------------

Name : rust-sequoia-sop
Product : Fedora 44
Version : 0.37.3
Release : 4.fc44
URL : https://crates.io/crates/sequoia-sop
Summary : Implementation of the Stateless OpenPGP Interface using Sequoia
Description :
An implementation of the Stateless OpenPGP Interface using Sequoia.

--------------------------------------------------------------------------------
Update Information:

Update the sequoia-wot crate to version 0.15.2.
Update the sequoia-keystore crate to version 0.7.3.
This includes a rebuild of all dependent applications to address three low-
severity security vulnerabilities in sequoia-wot:
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2026 Fabio Valentini [decathorpe@gmail.com] - 0.37.3-4
- Bump sequoia-wot dependency from 0.14 to 0.15
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2356514 - Package NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=2356514
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5c5f4f40a4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: rust-sequoia-cert-store-0.7.3-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5c5f4f40a4
2026-06-05 04:25:00.359000+00:00
--------------------------------------------------------------------------------

Name : rust-sequoia-cert-store
Product : Fedora 44
Version : 0.7.3
Release : 1.fc44
URL : https://crates.io/crates/sequoia-cert-store
Summary : Certificate database interface
Description :
A certificate database interface.

--------------------------------------------------------------------------------
Update Information:

Update the sequoia-wot crate to version 0.15.2.
Update the sequoia-keystore crate to version 0.7.3.
This includes a rebuild of all dependent applications to address three low-
severity security vulnerabilities in sequoia-wot:
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2026 Fabio Valentini [decathorpe@gmail.com] - 0.7.3-1
- Update to version 0.7.3; Fixes RHBZ#2414562
* Tue Mar 31 2026 Fabio Valentini [decathorpe@gmail.com] - 0.7.2-1
- Update to version 0.7.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2356514 - Package NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=2356514
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5c5f4f40a4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: perl-Dist-Build-0.028-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dafdad8fd3
2026-06-05 04:25:00.358941+00:00
--------------------------------------------------------------------------------

Name : perl-Dist-Build
Product : Fedora 44
Version : 0.028
Release : 1.fc44
URL : https://metacpan.org/dist/Dist-Build
Summary : Modern module builder with author tools not included
Description :
Dist::Build is a Build.PL implementation. Unlike Module::Build::Tiny it is
extensible, unlike Module::Build it uses a build graph internally which
makes it easy to combine different customizations. It's typically extended
by adding a .pl script in planner/.

--------------------------------------------------------------------------------
Update Information:

Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 22 2026 Charles R. Anderson [cra@alum.wpi.edu] 0.028-1
- Update to 0.028
- Update BR/Requires
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dafdad8fd3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: perl-Crypt-Argon2-0.031-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dafdad8fd3
2026-06-05 04:25:00.358941+00:00
--------------------------------------------------------------------------------

Name : perl-Crypt-Argon2
Product : Fedora 44
Version : 0.031
Release : 1.fc44
URL : https://metacpan.org/release/Crypt-Argon2
Summary : Perl interface to the Argon2 key derivation functions
Description :
This module implements the Argon2 key derivation function, which is
suitable to convert any password into a cryptographic key. This is most
often used to for secure storage of passwords but can also be used to
derive a encryption key from a password. It offers variable time and memory
costs as well as output size.

--------------------------------------------------------------------------------
Update Information:

Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 26 2026 Charles R. Anderson [cra@alum.wpi.edu] - 0.031-1
- Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dafdad8fd3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: perl-ExtUtils-Builder-Compiler-0.036-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dafdad8fd3
2026-06-05 04:25:00.358941+00:00
--------------------------------------------------------------------------------

Name : perl-ExtUtils-Builder-Compiler
Product : Fedora 44
Version : 0.036
Release : 1.fc44
URL : https://metacpan.org/dist/ExtUtils-Builder-Compiler
Summary : Interface around different compilers
Description :
This is an interface wrapping around different compilers. It's usually not
used directly but by a portability layer like
ExtUtils::Builder::Autodetect::C.

--------------------------------------------------------------------------------
Update Information:

Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 22 2026 Charles R. Anderson [cra@alum.wpi.edu] 0.036-1
- Update to 0.036
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dafdad8fd3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: perl-ExtUtils-Builder-0.020-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dafdad8fd3
2026-06-05 04:25:00.358941+00:00
--------------------------------------------------------------------------------

Name : perl-ExtUtils-Builder
Product : Fedora 44
Version : 0.020
Release : 1.fc44
URL : https://metacpan.org/dist/ExtUtils-Builder
Summary : Abstract actions and plans for the ExtUtils-Builder framework
Description :
Writing extensions for various build tools can be a daunting
task. This module tries to abstract steps of build processes into
reusable building blocks for creating platform and build system
agnostic executable descriptions of work.

--------------------------------------------------------------------------------
Update Information:

Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 22 2026 Charles R. Anderson [cra@alum.wpi.edu] 0.020-1
- Update to 0.020
- add scan-perl-buildrequires.sh which uses scan-perl-prereqs
from Perl::PrereqScanner
- Update BR
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dafdad8fd3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: transmission-4.1.2-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-893c99f61c
2026-06-05 04:07:33.980067+00:00
--------------------------------------------------------------------------------

Name : transmission
Product : Fedora 43
Version : 4.1.2
Release : 1.fc43
URL : http://www.transmissionbt.com
Summary : A lightweight GTK+ BitTorrent client
Description :
Transmission is a free, lightweight BitTorrent client. It features a
simple, intuitive interface on top on an efficient, cross-platform
back-end.

--------------------------------------------------------------------------------
Update Information:

4.1.2, fix for CVE-2026-38978
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 3 2026 Gwyn Ciesla [gwync@protonmail.com] - 4.1.2-1
- 4.1.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2483871 - transmission-4.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2483871
[ 2 ] Bug #2484367 - CVE-2026-38978 transmission: Transmission: Clickjacking weakness in WebUI and RPC response paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484367
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-893c99f61c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: freeipa-4.13.1-7.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fc81581a79
2026-06-05 04:07:33.980053+00:00
--------------------------------------------------------------------------------

Name : freeipa
Product : Fedora 43
Version : 4.13.1
Release : 7.fc43
URL : http://www.freeipa.org/
Summary : The Identity, Policy and Audit system
Description :
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).

--------------------------------------------------------------------------------
Update Information:

Update to Samba 4.23.8 - Security fix for CVE-2026-4480, CVE-2026-2340,
CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 29 2026 Alexander Bokovoy [abokovoy@redhat.com] - 4.13.1-7
- Rebuild against Samba 4.23.8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481447 - CVE-2026-4480 samba: Samba: Remote Code Execution in printing subsystem via unescaped job description [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481447
[ 2 ] Bug #2481857 - CVE-2026-3012 samba: group policy certificate enrollment uses http:// without validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481857
[ 3 ] Bug #2481875 - CVE-2026-2340 samba: vfs_worm does not block directory modification [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481875
[ 4 ] Bug #2481876 - CVE-2026-1933 samba: Missing access check on reparse point operations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481876
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fc81581a79' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: samba-4.23.8-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fc81581a79
2026-06-05 04:07:33.980053+00:00
--------------------------------------------------------------------------------

Name : samba
Product : Fedora 43
Version : 4.23.8
Release : 1.fc43
URL : https://www.samba.org
Summary : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and
Unix.

--------------------------------------------------------------------------------
Update Information:

Update to Samba 4.23.8 - Security fix for CVE-2026-4480, CVE-2026-2340,
CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 28 2026 G??nther Deschner [gd@samba.org] - 2:4.23.8-1
- Update to Samba 4.23.8
- resolves: rhbz#2481447 - Security fix for CVE-2026-4480
- resolves: rhbz#2481875 - Security fix for CVE-2026-2340
- resolves: rhbz#2481857 - Security fix for CVE-2026-3012
- resolves: rhbz#2481876 - Security fix for CVE-2026-1933
- Security fix for CVE-2026-4408
- Security fix for CVE-2026-3238
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481447 - CVE-2026-4480 samba: Samba: Remote Code Execution in printing subsystem via unescaped job description [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481447
[ 2 ] Bug #2481857 - CVE-2026-3012 samba: group policy certificate enrollment uses http:// without validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481857
[ 3 ] Bug #2481875 - CVE-2026-2340 samba: vfs_worm does not block directory modification [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481875
[ 4 ] Bug #2481876 - CVE-2026-1933 samba: Missing access check on reparse point operations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481876
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fc81581a79' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 43 Update: libre-4.8.1-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bfba5a213d
2026-06-05 04:07:33.980048+00:00
--------------------------------------------------------------------------------

Name : libre
Product : Fedora 43
Version : 4.8.1
Release : 1.fc43
URL : https://github.com/baresip/re
Summary : Generic library for real-time communications
Description :
Libre is a generic library for real-time communications with async I/O
support. Features are a SIP stack (RFC 3261), SDP, RTP and RTCP, SRTP and
SRTCP (Secure RTP), DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with
client/server, Websockets, Jitter buffer, async I/O (poll, epoll, select,
kqueue), UDP/TCP/TLS/DTLS transport, JSON parser and Real Time Messaging
Protocol (RTMP).

--------------------------------------------------------------------------------
Update Information:

libre v4.8.1 (2026-05-28)
fmt/pl: add pl_strip_html()
sys/fs: add getpwuid fallback for fs_gethome
tls: remove unused include rsa.h
ice: check source address of incoming application packets
websock: Fix integer overflow in websock_decode() masked frame check
https://github.com/baresip/re/security/advisories/GHSA-hvxv-v2gp-v93h
https://github.com/baresip/baresip/issues/3705
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 28 2026 Robert Scheck [robert@fedoraproject.org] 4.8.1-1
- Upgrade to 4.8.1 (#2482756)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2482756 - libre-4.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2482756
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bfba5a213d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: python-starlette-0.52.1-2.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e0f378428e
2026-06-05 04:07:33.980046+00:00
--------------------------------------------------------------------------------

Name : python-starlette
Product : Fedora 43
Version : 0.52.1
Release : 2.fc43
URL : https://www.starlette.io/
Summary : The little ASGI library that shines
Description :
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building
async web services in Python.

It is production-ready, and gives you the following:

??? A lightweight, low-complexity HTTP web framework.
??? WebSocket support.
??? In-process background tasks.
??? Startup and shutdown events.
??? Test client built on requests.
??? CORS, GZip, Static Files, Streaming responses.
??? Session and Cookie support.
??? 100% test coverage.
??? 100% type annotated codebase.
??? Few hard dependencies.
??? Compatible with asyncio and trio backends.
??? Great overall performance against independent benchmarks.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2026-48710
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 28 2026 Paul Wouters [paul.wouters@aiven.io] - 0.52.1-2
- Backport fix for CVE-2026-48710
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481742 - CVE-2026-48710 starlette: Starlette: Security restriction bypass via malformed HTTP Host header
https://bugzilla.redhat.com/show_bug.cgi?id=2481742
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e0f378428e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 43 Update: nextcloud-33.0.4-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e187104307
2026-06-05 04:07:33.980039+00:00
--------------------------------------------------------------------------------

Name : nextcloud
Product : Fedora 43
Version : 33.0.4
Release : 1.fc43
URL : http://nextcloud.com
Summary : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.

--------------------------------------------------------------------------------
Update Information:

33.0.4 Release
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 28 2026 Andrew Bauer [zonexpertconsulting@outlook.com] - 33.0.4-1
- 33.0.4 Release RHBZ#2482794
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2467998 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2467998
[ 2 ] Bug #2468008 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2468008
[ 3 ] Bug #2476733 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476733
[ 4 ] Bug #2476734 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476734
[ 5 ] Bug #2482794 - nextcloud-33.0.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2482794
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e187104307' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: perl-Cpanel-JSON-XS-4.41-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d88c7fac8c
2026-06-05 04:07:33.980032+00:00
--------------------------------------------------------------------------------

Name : perl-Cpanel-JSON-XS
Product : Fedora 43
Version : 4.41
Release : 1.fc43
URL : https://metacpan.org/release/Cpanel-JSON-XS
Summary : JSON::XS for Cpanel, fast and correct serializing
Description :
This module converts Perl data structures to JSON and vice versa. Its
primary goal is to be correct and its secondary goal is to be fast. To
reach the latter goal it was written in C.

--------------------------------------------------------------------------------
Update Information:

This update addresses a number of bugs including these security issues:
Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 28 2026 Paul Howarth - 4.41-1
- Update to 4.41
- Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516)
- Fix dupkeys_as_arrayref type confusion (CVE-2026-9334)
- Fix incr_parse single-quote string delimiter (GH#245)
- Fix a one-byte out-of-bounds heap read reachable via allow_barekey on
truncated input (GH#244)
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 4.40-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2484331 - CVE-2026-9334 perl-Cpanel-JSON-XS: perl-Cpanel-JSON-XS: Denial of Service via type confusion with duplicate JSON object keys [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484331
[ 2 ] Bug #2484333 - CVE-2026-9516 perl-Cpanel-JSON-XS: Cpanel::JSON::XS: Denial of Service via UTF-8 BOM prefixed input [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484333
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d88c7fac8c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: rubygem-yard-0.9.37-5.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2d0a32ddc0
2026-06-05 04:07:33.980021+00:00
--------------------------------------------------------------------------------

Name : rubygem-yard
Product : Fedora 43
Version : 0.9.37
Release : 5.fc43
URL : http://yardoc.org
Summary : Documentation tool for consistent and usable documentation in Ruby
Description :
YARD is a documentation generation tool for the Ruby programming language.
It enables the user to generate consistent, usable documentation that can be
exported to a number of formats very easily, and also supports extending for
custom Ruby constructs such as custom class level definitions.

--------------------------------------------------------------------------------
Update Information:

Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 28 2026 Mamoru TASAKA [mtasaka@fedoraproject.org] - 0.9.37-5
- Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues
- https://github.com/lsegal/yard/security/advisories/GHSA-3jfp-46x4-xgfj
- https://github.com/lsegal/yard/security/advisories/GHSA-pxcc-8665-phx8
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2d0a32ddc0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: rust-sequoia-wot-0.15.2-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ecfadb29a1
2026-06-05 04:07:33.980011+00:00
--------------------------------------------------------------------------------

Name : rust-sequoia-wot
Product : Fedora 43
Version : 0.15.2
Release : 1.fc43
URL : https://crates.io/crates/sequoia-wot
Summary : Implementation of OpenPGP's web of trust
Description :
An implementation of OpenPGP's web of trust.

--------------------------------------------------------------------------------
Update Information:

Update the sequoia-wot crate to version 0.15.2.
Update the sequoia-keystore crate to version 0.7.3.
This includes a rebuild of all dependent applications to address three low-
severity security vulnerabilities in sequoia-wot:
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2026 Fabio Valentini [decathorpe@gmail.com] - 0.15.2-1
- Update to version 0.15.2; Fixes RHBZ#2382386
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2356514 - Package NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=2356514
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ecfadb29a1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: rust-sequoia-sq-1.3.1-12.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ecfadb29a1
2026-06-05 04:07:33.980011+00:00
--------------------------------------------------------------------------------

Name : rust-sequoia-sq
Product : Fedora 43
Version : 1.3.1
Release : 12.fc43
URL : https://crates.io/crates/sequoia-sq
Summary : Command-line frontends for Sequoia
Description :
Command-line frontends for Sequoia.

--------------------------------------------------------------------------------
Update Information:

Update the sequoia-wot crate to version 0.15.2.
Update the sequoia-keystore crate to version 0.7.3.
This includes a rebuild of all dependent applications to address three low-
severity security vulnerabilities in sequoia-wot:
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2026 Fabio Valentini [decathorpe@gmail.com] - 1.3.1-12
- Bump sequoia-wot dependency from 0.14 to 0.15
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2356514 - Package NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=2356514
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ecfadb29a1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: rust-sequoia-chameleon-gnupg-0.13.1-13.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ecfadb29a1
2026-06-05 04:07:33.980011+00:00
--------------------------------------------------------------------------------

Name : rust-sequoia-chameleon-gnupg
Product : Fedora 43
Version : 0.13.1
Release : 13.fc43
URL : https://crates.io/crates/sequoia-chameleon-gnupg
Summary : Sequoia's reimplementation of the GnuPG interface
Description :
Sequoia's reimplementation of the GnuPG interface.

--------------------------------------------------------------------------------
Update Information:

Update the sequoia-wot crate to version 0.15.2.
Update the sequoia-keystore crate to version 0.7.3.
This includes a rebuild of all dependent applications to address three low-
severity security vulnerabilities in sequoia-wot:
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2026 Fabio Valentini [decathorpe@gmail.com] - 0.13.1-13
- Bump sequoia-wot dependency from 0.14 to 0.15
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2356514 - Package NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=2356514
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ecfadb29a1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: rust-sequoia-sop-0.37.3-4.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ecfadb29a1
2026-06-05 04:07:33.980011+00:00
--------------------------------------------------------------------------------

Name : rust-sequoia-sop
Product : Fedora 43
Version : 0.37.3
Release : 4.fc43
URL : https://crates.io/crates/sequoia-sop
Summary : Implementation of the Stateless OpenPGP Interface using Sequoia
Description :
An implementation of the Stateless OpenPGP Interface using Sequoia.

--------------------------------------------------------------------------------
Update Information:

Update the sequoia-wot crate to version 0.15.2.
Update the sequoia-keystore crate to version 0.7.3.
This includes a rebuild of all dependent applications to address three low-
severity security vulnerabilities in sequoia-wot:
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2026 Fabio Valentini [decathorpe@gmail.com] - 0.37.3-4
- Bump sequoia-wot dependency from 0.14 to 0.15
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2356514 - Package NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=2356514
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ecfadb29a1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: rust-sequoia-octopus-librnp-1.11.1-7.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ecfadb29a1
2026-06-05 04:07:33.980011+00:00
--------------------------------------------------------------------------------

Name : rust-sequoia-octopus-librnp
Product : Fedora 43
Version : 1.11.1
Release : 7.fc43
URL : https://crates.io/crates/sequoia-octopus-librnp
Summary : Reimplementation of RNP's interface using Sequoia for use with Thunderbird
Description :
Reimplementation of RNP's interface using Sequoia for use with
Thunderbird.

--------------------------------------------------------------------------------
Update Information:

Update the sequoia-wot crate to version 0.15.2.
Update the sequoia-keystore crate to version 0.7.3.
This includes a rebuild of all dependent applications to address three low-
severity security vulnerabilities in sequoia-wot:
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2026 Fabio Valentini [decathorpe@gmail.com] - 1.11.1-7
- Bump sequoia-wot dependency from 0.14 to 0.15
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2356514 - Package NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=2356514
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ecfadb29a1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: rust-sequoia-cert-store-0.7.3-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ecfadb29a1
2026-06-05 04:07:33.980011+00:00
--------------------------------------------------------------------------------

Name : rust-sequoia-cert-store
Product : Fedora 43
Version : 0.7.3
Release : 1.fc43
URL : https://crates.io/crates/sequoia-cert-store
Summary : Certificate database interface
Description :
A certificate database interface.

--------------------------------------------------------------------------------
Update Information:

Update the sequoia-wot crate to version 0.15.2.
Update the sequoia-keystore crate to version 0.7.3.
This includes a rebuild of all dependent applications to address three low-
severity security vulnerabilities in sequoia-wot:
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/77605b2f
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/81210321
https://gitlab.com/sequoia-pgp/sequoia-wot/-/commit/dd2ffb50
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2026 Fabio Valentini [decathorpe@gmail.com] - 0.7.3-1
- Update to version 0.7.3; Fixes RHBZ#2414562
* Tue Mar 31 2026 Fabio Valentini [decathorpe@gmail.com] - 0.7.2-1
- Update to version 0.7.2
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Dec 11 2025 Fabio Valentini [decathorpe@gmail.com] - 0.7.1-1
- Update to version 0.7.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2356514 - Package NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=2356514
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ecfadb29a1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: perl-ExtUtils-Builder-Compiler-0.036-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f2c746ff8e
2026-06-05 04:07:33.979975+00:00
--------------------------------------------------------------------------------

Name : perl-ExtUtils-Builder-Compiler
Product : Fedora 43
Version : 0.036
Release : 1.fc43
URL : https://metacpan.org/dist/ExtUtils-Builder-Compiler
Summary : Interface around different compilers
Description :
This is an interface wrapping around different compilers. It's usually not
used directly but by a portability layer like
ExtUtils::Builder::Autodetect::C.

--------------------------------------------------------------------------------
Update Information:

Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 22 2026 Charles R. Anderson [cra@alum.wpi.edu] 0.036-1
- Update to 0.036
* Mon Jan 19 2026 Charles R. Anderson [cra@alum.wpi.edu] 0.035-1
- Update to 0.035
* Mon Jan 19 2026 Charles R. Anderson [cra@alum.wpi.edu] 0.034-1
- Update to 0.034
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.031-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f2c746ff8e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: perl-Dist-Build-0.028-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f2c746ff8e
2026-06-05 04:07:33.979975+00:00
--------------------------------------------------------------------------------

Name : perl-Dist-Build
Product : Fedora 43
Version : 0.028
Release : 1.fc43
URL : https://metacpan.org/dist/Dist-Build
Summary : Modern module builder with author tools not included
Description :
Dist::Build is a Build.PL implementation. Unlike Module::Build::Tiny it is
extensible, unlike Module::Build it uses a build graph internally which
makes it easy to combine different customizations. It's typically extended
by adding a .pl script in planner/.

--------------------------------------------------------------------------------
Update Information:

Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 22 2026 Charles R. Anderson [cra@alum.wpi.edu] 0.028-1
- Update to 0.028
- Update BR/Requires
* Mon Jan 19 2026 Charles R. Anderson [cra@alum.wpi.edu] 0.025-1
- Update to 0.025
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.021-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Dec 5 2025 Charles R. Anderson [cra@alum.wpi.edu] 0.022-1
- Update to 0.022
* Sat Nov 15 2025 Charles R. Anderson [cra@alum.wpi.edu] 0.021-1
- Update to 0.021
- Use https for Source0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f2c746ff8e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: perl-ExtUtils-Builder-0.020-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f2c746ff8e
2026-06-05 04:07:33.979975+00:00
--------------------------------------------------------------------------------

Name : perl-ExtUtils-Builder
Product : Fedora 43
Version : 0.020
Release : 1.fc43
URL : https://metacpan.org/dist/ExtUtils-Builder
Summary : Abstract actions and plans for the ExtUtils-Builder framework
Description :
Writing extensions for various build tools can be a daunting
task. This module tries to abstract steps of build processes into
reusable building blocks for creating platform and build system
agnostic executable descriptions of work.

--------------------------------------------------------------------------------
Update Information:

Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 22 2026 Charles R. Anderson [cra@alum.wpi.edu] 0.020-1
- Update to 0.020
- add scan-perl-buildrequires.sh which uses scan-perl-prereqs
from Perl::PrereqScanner
- Update BR
* Mon Jan 19 2026 Charles R. Anderson [cra@alum.wpi.edu] 0.019-1
- Update to 0.019
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.017-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Dec 5 2025 Charles R. Anderson [cra@alum.wpi.edu] 0.018-1
- Update to 0.018
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f2c746ff8e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: perl-Crypt-Argon2-0.031-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f2c746ff8e
2026-06-05 04:07:33.979975+00:00
--------------------------------------------------------------------------------

Name : perl-Crypt-Argon2
Product : Fedora 43
Version : 0.031
Release : 1.fc43
URL : https://metacpan.org/release/Crypt-Argon2
Summary : Perl interface to the Argon2 key derivation functions
Description :
This module implements the Argon2 key derivation function, which is
suitable to convert any password into a cryptographic key. This is most
often used to for secure storage of passwords but can also be used to
derive a encryption key from a password. It offers variable time and memory
costs as well as output size.

--------------------------------------------------------------------------------
Update Information:

Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 26 2026 Charles R. Anderson [cra@alum.wpi.edu] - 0.031-1
- Update to 0.031 #2477035 #2481131 fixes CVE-2026-8463
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.030-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Tue Aug 26 2025 Charles R. Anderson [cra@alum.wpi.edu] - 0.030-1
- Update to 0.030
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f2c746ff8e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: jpegxl-0.11.2-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3e75b379d4
2026-06-05 04:07:33.979932+00:00
--------------------------------------------------------------------------------

Name : jpegxl
Product : Fedora 43
Version : 0.11.2
Release : 1.fc43
URL : https://jpeg.org/jpegxl/
Summary : JPEG XL image format reference implementation
Description :

This package contains a reference implementation of JPEG XL (encoder and
decoder).

--------------------------------------------------------------------------------
Update Information:

Update to version 0.11.2. Resolves CVE-2025-12474 and CVE-2026-1837.
Release notes: https://github.com/libjxl/libjxl/releases/tag/v0.11.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 26 2026 Fabio Valentini [decathorpe@gmail.com] - 1:0.11.2-1
- Update to version 0.11.2; Fixes RHBZ#2438459
* Tue May 26 2026 Richard Shaw [hobbes1069@gmail.com] - 1:0.11.1-11
- Rebuild for OpenEXR 3.4.12.
* Mon May 25 2026 Fabio Valentini [decathorpe@gmail.com] - 1:0.11.1-10
- Skip tests on s390x entirely due to cmake / gtest regressions
* Mon May 25 2026 Richard Shaw [hobbes1069@gmail.com] - 1:0.11.1-9
- Rebuild for OpenEXR 3.4.12.
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1:0.11.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2438459 - jpegxl-0.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2438459
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3e75b379d4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: perl-libwww-perl-6.83-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3b48ba7dc7
2026-06-05 04:07:33.979902+00:00
--------------------------------------------------------------------------------

Name : perl-libwww-perl
Product : Fedora 43
Version : 6.83
Release : 1.fc43
URL : https://metacpan.org/release/libwww-perl
Summary : A Perl interface to the World-Wide Web
Description :
The libwww-perl collection is a set of Perl modules which provides a simple and
consistent application programming interface to the World-Wide Web. The main
focus of the library is to provide classes and functions that allow you to
write WWW clients. The library also contain modules that are of more general
use and even classes that help you implement simple HTTP servers.

--------------------------------------------------------------------------------
Update Information:

Changes:
6.83 2026-05-12 11:41:48Z
- LWP::UserAgent now strips Authorization and Proxy-Authorization headers
on cross-origin redirects (a different scheme, host, or port) to prevent
credential leakage to the redirect target. Same-origin redirects retain
credentials. Opt out with allow_credentialed_redirects => 1.
CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig
Palmquist.
- LWP::UserAgent now refuses https to http redirects by default to prevent
leaking remaining request headers and bodies over plaintext. Opt in with
allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by
Stig Palmquist.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2026 Michal Josef ??pa??ek [mspacek@redhat.com] - 6.83-1
- 6.83 bump
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3b48ba7dc7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 43 Update: perl-HTTP-Tiny-0.094-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3bfb774625
2026-06-05 04:07:33.979891+00:00
--------------------------------------------------------------------------------

Name : perl-HTTP-Tiny
Product : Fedora 43
Version : 0.094
Release : 1.fc43
URL : https://metacpan.org/release/HTTP-Tiny
Summary : Small, simple, correct HTTP/1.1 client
Description :
This is a very simple HTTP/1.1 client, designed for doing simple GET requests
without the overhead of a large framework like LWP::UserAgent.

It is more correct and more complete than HTTP::Lite. It supports proxies
(currently only non-authenticating ones) and redirection. It also correctly
resumes after EINTR.

--------------------------------------------------------------------------------
Update Information:

0.094 - fix to prevent invalid characters in all headers, and prevent header
smuggling (CVE-2026-7010)
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Jitka Plesnikova [jplesnik@redhat.com] - 0.094-1
- 0.094 bump (rhbz#2478249)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2478249 - perl-HTTP-Tiny-0.094 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2478249
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3bfb774625' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: cockpit-362-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-58cee40a55
2026-06-05 04:07:33.979887+00:00
--------------------------------------------------------------------------------

Name : cockpit
Product : Fedora 43
Version : 362
Release : 1.fc43
URL : https://cockpit-project.org/
Summary : Web Console for Linux servers
Description :
The Cockpit Web Console enables users to administer GNU/Linux servers using a
web browser.

It offers network configuration, log inspection, diagnostic reports, SELinux
troubleshooting, interactive command-line sessions, and more.

--------------------------------------------------------------------------------
Update Information:

Automatic update for cockpit-362-1.fc43.
Changelog for cockpit
* Wed May 20 2026 Packit [hello@packit.dev] - 362-1
- Bug fixes and translation updates
- Fix arbitrary code execution via specially crafted logs page link
(CVE-2026-4802)
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Packit [hello@packit.dev] - 362-1
- Bug fixes and translation updates
- Fix arbitrary code execution via specially crafted logs page link (CVE-2026-4802)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2480095 - [Exploits (KEV)] CVE-2026-4802 cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2480095
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-58cee40a55' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

Apache HTTP Server, Nano Editor and Linux Kernel updates for Ubuntu

Windows Package Manager 1.29.250 Release Candidate Adds Source Priority and Preserves Installer Arguments

[SECURITY] Fedora 44 Update: transmission-4.1.2-1.fc44

[SECURITY] Fedora 44 Update: libre-4.8.1-1.fc44

[SECURITY] Fedora 44 Update: python-starlette-0.52.1-2.fc44

[SECURITY] Fedora 44 Update: nextcloud-33.0.4-1.fc44

[SECURITY] Fedora 44 Update: perl-Cpanel-JSON-XS-4.41-1.fc44

[SECURITY] Fedora 44 Update: rubygem-yard-0.9.40-2.fc44

[SECURITY] Fedora 44 Update: rust-sequoia-sq-1.3.1-12.fc44

[SECURITY] Fedora 44 Update: rust-sequoia-wot-0.15.2-1.fc44

[SECURITY] Fedora 44 Update: rust-sequoia-chameleon-gnupg-0.13.1-13.fc44

[SECURITY] Fedora 44 Update: rust-sequoia-octopus-librnp-1.11.1-7.fc44

[SECURITY] Fedora 44 Update: rust-sequoia-sop-0.37.3-4.fc44

[SECURITY] Fedora 44 Update: rust-sequoia-cert-store-0.7.3-1.fc44

[SECURITY] Fedora 44 Update: perl-Dist-Build-0.028-1.fc44

[SECURITY] Fedora 44 Update: perl-Crypt-Argon2-0.031-1.fc44

[SECURITY] Fedora 44 Update: perl-ExtUtils-Builder-Compiler-0.036-1.fc44

[SECURITY] Fedora 44 Update: perl-ExtUtils-Builder-0.020-1.fc44

[SECURITY] Fedora 43 Update: transmission-4.1.2-1.fc43

[SECURITY] Fedora 43 Update: freeipa-4.13.1-7.fc43

[SECURITY] Fedora 43 Update: samba-4.23.8-1.fc43

[SECURITY] Fedora 43 Update: libre-4.8.1-1.fc43

[SECURITY] Fedora 43 Update: python-starlette-0.52.1-2.fc43

[SECURITY] Fedora 43 Update: nextcloud-33.0.4-1.fc43

[SECURITY] Fedora 43 Update: perl-Cpanel-JSON-XS-4.41-1.fc43

[SECURITY] Fedora 43 Update: rubygem-yard-0.9.37-5.fc43

[SECURITY] Fedora 43 Update: rust-sequoia-wot-0.15.2-1.fc43

[SECURITY] Fedora 43 Update: rust-sequoia-sq-1.3.1-12.fc43

[SECURITY] Fedora 43 Update: rust-sequoia-chameleon-gnupg-0.13.1-13.fc43

[SECURITY] Fedora 43 Update: rust-sequoia-sop-0.37.3-4.fc43

[SECURITY] Fedora 43 Update: rust-sequoia-octopus-librnp-1.11.1-7.fc43

[SECURITY] Fedora 43 Update: rust-sequoia-cert-store-0.7.3-1.fc43

[SECURITY] Fedora 43 Update: perl-ExtUtils-Builder-Compiler-0.036-1.fc43

[SECURITY] Fedora 43 Update: perl-Dist-Build-0.028-1.fc43

[SECURITY] Fedora 43 Update: perl-ExtUtils-Builder-0.020-1.fc43

[SECURITY] Fedora 43 Update: perl-Crypt-Argon2-0.031-1.fc43

[SECURITY] Fedora 43 Update: jpegxl-0.11.2-1.fc43

[SECURITY] Fedora 43 Update: perl-libwww-perl-6.83-1.fc43

[SECURITY] Fedora 43 Update: perl-HTTP-Tiny-0.094-1.fc43

[SECURITY] Fedora 43 Update: cockpit-362-1.fc43

Windows

Linux

macOS

Community