The following Fedora EPEL 10.1 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e6de0f54eb
mbedtls-3.6.5-1.el10_1
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-72c6be2069
python-aiohttp-3.11.18-4.el10_1
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-2a63b8835b
webkitgtk-2.50.1-2.el10_1
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5aefff4853
fluidsynth-2.4.8-2.el10_1
The following builds have been pushed to Fedora EPEL 10.1 updates-testing
php-nikic-php-parser5-5.6.2-1.el10_1
rust-astral-tokio-tar-0.5.6-1.el10_1
rust-backon-1.5.2-2.el10_1
rust-dlv-list-0.5.2-2.el10_1
rust-dotenv-0.15.0-16.el10_1
rust-macro_rules_attribute-0.2.2-2.el10_1
rust-macro_rules_attribute-proc_macro-0.2.2-2.el10_1
rust-newtype-uuid-1.3.1-1.el10_1
rust-normpath-1.5.0-1.el10_1
rust-ordered-float-5.1.0-1.el10_1
rust-ordered-multimap-0.7.3-2.el10_1
rust-os_pipe-1.2.3-1.el10_1
rust-owo-colors-4.2.3-1.el10_1
rust-pem-3.0.6-1.el10_1
rust-pyproject-toml-0.13.7-1.el10_1
rust-regex-lite-0.1.8-1.el10_1
rust-regex-syntax-0.8.8-1.el10_1
rust-reqsign-0.17.0-1.el10_1
rust-reqsign-aws-v4-1.0.0-1.el10_1
rust-reqsign-command-execute-tokio-1.0.0-1.el10_1
rust-reqsign-core-1.0.0-1.el10_1
rust-reqsign-file-read-tokio-1.0.0-1.el10_1
rust-reqsign-http-send-reqwest-1.0.0-1.el10_1
rust-rust-ini-0.21.3-1.el10_1
rust-rustls-native-certs-0.8.2-1.el10_1
rust-rusty-fork-0.3.1-1.el10_1
rust-scc-2.4.0-1.el10_1
rust-socket2-0.6.1-1.el10_1
rust-stable_deref_trait-1.2.1-1.el10_1
rust-syn-2.0.107-1.el10_1
rust-system-deps-7.0.6-1.el10_1
rust-tikv-jemalloc-sys-0.6.1-1.el10_1
rust-tikv-jemallocator-0.6.1-1.el10_1
rust-unicode-width-0.2.2-1.el10_1
rust-webpki-roots-1.0.3-1.el10_1
rust-xattr-1.6.1-1.el10_1
Details about builds:
================================================================================
php-nikic-php-parser5-5.6.2-1.el10_1 (FEDORA-EPEL-2025-38df238ccb)
A PHP parser written in PHP - version 5
--------------------------------------------------------------------------------
Update Information:
Version 5.6.2 (2025-10-21)
Fixed
Fixed formatting-preserving pretty-printing when changing the visibility
modifier on a node that
has attributes.
Fixed chr() deprecation warning on PHP 8.4
Added
Added Param::isFinal() method.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Remi Collet <[email protected]> - 5.6.2-1
- update to 5.6.2
--------------------------------------------------------------------------------
================================================================================
rust-astral-tokio-tar-0.5.6-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
Rust implementation of an async TAR file reader and writer
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 21 2025 Benjamin A. Beasley <[email protected]> - 0.5.6-1
- Update to version 0.5.6; Fixes RHBZ#2405351
- Security fix for CVE-2025-62518
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-backon-1.5.2-2.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
Make retry like a built-in feature provided by Rust
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 21 2025 Benjamin A. Beasley <[email protected]> - 1.5.2-2
- Drop unnecessary sqlx dev-dependency
* Wed Jul 30 2025 Fabio Valentini <[email protected]> - 1.5.2-1
- Update to version 1.5.2; Fixes RHBZ#2384769
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jun 19 2025 Fabio Valentini <[email protected]> - 1.5.1-1
- Update to version 1.5.1
* Wed Apr 23 2025 Fabio Valentini <[email protected]> - 1.5.0-3
- Drop WASM-specific features
* Tue Apr 22 2025 Fabio Valentini <[email protected]> - 1.5.0-2
- Fix invalid rust2rpm.toml, regenerate spec, relax spin dependency
* Sun Apr 20 2025 Andreas Schneider <[email protected]> - 1.5.0-1
- New package version 1.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-dlv-list-0.5.2-2.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
Semi-doubly linked list implemented using a vector
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri May 2 2025 Cristian Le <[email protected]> - 0.5.2-1
- Update to version 0.5.2; Fixes RHBZ#1989392
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.3.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.3.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-dotenv-0.15.0-16.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
Dotenv implementation for Rust
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.15.0-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.15.0-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Sep 13 2024 Fabio Valentini <[email protected]> - 0.15.0-14
- Remove reference to readme file that is not included in published crates
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.15.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.15.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-macro_rules_attribute-0.2.2-2.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
Use declarative macros in attribute or derive position
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun 10 2025 Alexander F. Lent <[email protected]> - 0.2.2-1
- Initial Import (rhbz#2358542).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-macro_rules_attribute-proc_macro-0.2.2-2.el10_1
(FEDORA-EPEL-2025-e6cbc78be8)
Use declarative macros as proc_macro attributes or derives
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun 3 2025 Alexander F. Lent <[email protected]> - 0.2.2-1
- Update macro_rules_attribute-proc_macro to 0.2.2
* Tue Jun 3 2025 Alexander F. Lent <[email protected]> - 0.2.0-1
- Initial Import (rhbz#2358541).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-newtype-uuid-1.3.1-1.el10_1 (FEDORA-EPEL-2025-5532a7724e)
Newtype wrapper around UUIDs
--------------------------------------------------------------------------------
Update Information:
Update to version 1.3.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 1.3.1-1
- Update to version 1.3.1; Fixes RHBZ#2400557
--------------------------------------------------------------------------------
================================================================================
rust-normpath-1.5.0-1.el10_1 (FEDORA-EPEL-2025-1ac0221121)
More reliable path manipulation
--------------------------------------------------------------------------------
Update Information:
Update to version 1.5.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 1.5.0-1
- Update to version 1.5.0
--------------------------------------------------------------------------------
================================================================================
rust-ordered-float-5.1.0-1.el10_1 (FEDORA-EPEL-2025-d2cc4a8ef7)
Wrappers for total ordering on floats
--------------------------------------------------------------------------------
Update Information:
Update to version 5.1.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 5.1.0-1
- Update to version 5.1.0; Fixes RHBZ#2400474
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
5.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-ordered-multimap-0.7.3-2.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
Insertion ordered multimap
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.7.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu May 1 2025 Cristian Le <[email protected]> - 0.7.3-1
- Update to version 0.7.3; Fixes RHBZ#1976416
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.4.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.4.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.4.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-os_pipe-1.2.3-1.el10_1 (FEDORA-EPEL-2025-4c48ebf74b)
Cross-platform library for opening OS pipes
--------------------------------------------------------------------------------
Update Information:
Update to version 1.2.3.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 1.2.3-1
- Update to version 1.2.3; Fixes RHBZ#2403315
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-owo-colors-4.2.3-1.el10_1 (FEDORA-EPEL-2025-bcae79d721)
Zero-allocation terminal colors that'll make people go owo
--------------------------------------------------------------------------------
Update Information:
Update to version 4.2.3.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 4.2.3-1
- Update to version 4.2.3; Fixes RHBZ#2400178
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
4.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-pem-3.0.6-1.el10_1 (FEDORA-EPEL-2025-ffa3320d04)
Parse and encode PEM-encoded data
--------------------------------------------------------------------------------
Update Information:
Update to version 3.0.6.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 3.0.6-1
- Update to version 3.0.6; Fixes RHBZ#2403116
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
3.0.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-pyproject-toml-0.13.7-1.el10_1 (FEDORA-EPEL-2025-9b3556e4f8)
Pyproject.toml parser in Rust
--------------------------------------------------------------------------------
Update Information:
Update to version 0.13.7.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.13.7-1
- Update to version 0.13.7; Fixes RHBZ#2402709
--------------------------------------------------------------------------------
================================================================================
rust-regex-lite-0.1.8-1.el10_1 (FEDORA-EPEL-2025-9908159f71)
Lightweight regex engine that optimizes for binary size and compilation time
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.8.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.1.8-1
- Update to version 0.1.8; Fixes RHBZ#2403246
--------------------------------------------------------------------------------
================================================================================
rust-regex-syntax-0.8.8-1.el10_1 (FEDORA-EPEL-2025-d69a6f1c55)
Regular expression parser
--------------------------------------------------------------------------------
Update Information:
Update to version 0.8.8.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.8.8-1
- Update to version 0.8.8; Fixes RHBZ#2403247
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-0.17.0-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
Signing HTTP requests for popular cloud services
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.17.0-1
- Initial package (close RHBZ#2400218)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-aws-v4-1.0.0-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 11 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400195)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-command-execute-tokio-1.0.0-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
Tokio-based command execution implementation for reqsign
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400111)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-core-1.0.0-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400096)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-file-read-tokio-1.0.0-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 8 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400101)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-http-send-reqwest-1.0.0-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400100)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-rust-ini-0.21.3-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
Ini configuration file parsing library in Rust
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.21.3-1
- Update to version 0.21.3; Fixes RHBZ#2392154
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.21.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jul 8 2025 Fabio Valentini <[email protected]> - 0.21.2-1
- Update to version 0.21.2; Fixes RHBZ#2375939
* Thu May 1 2025 Cristian Le <[email protected]> - 0.21.1-1
- Update to version 0.21.1; Fixes RHBZ#2193253
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.18.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.18.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.18.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-rustls-native-certs-0.8.2-1.el10_1 (FEDORA-EPEL-2025-01806c6f16)
Allows rustls to use the platform native certificate store
--------------------------------------------------------------------------------
Update Information:
Update to version 0.8.2.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.8.2-1
- Update to version 0.8.2; Fixes RHBZ#2404132
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.8.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-rusty-fork-0.3.1-1.el10_1 (FEDORA-EPEL-2025-c4f3b443e0)
Library for running Rust tests in sub-processes using a fork-like interface
--------------------------------------------------------------------------------
Update Information:
Update to version 0.3.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.3.1-1
- Update to version 0.3.1; Fixes RHBZ#2401611
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.3.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.3.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-scc-2.4.0-1.el10_1 (FEDORA-EPEL-2025-962dd83cf6)
Containers and utilities for concurrent and asynchronous programming
--------------------------------------------------------------------------------
Update Information:
Update to version 2.4.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 2.4.0-1
- Update to version 2.4.0
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-socket2-0.6.1-1.el10_1 (FEDORA-EPEL-2025-30d75feb82)
Utilities for handling networking sockets
--------------------------------------------------------------------------------
Update Information:
Update to version 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.6.1-1
- Update to version 0.6.1; Fixes RHBZ#2403506
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-stable_deref_trait-1.2.1-1.el10_1 (FEDORA-EPEL-2025-5f7f82ec99)
Dereference to a stable address even when moved
--------------------------------------------------------------------------------
Update Information:
Update to version 1.2.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 1.2.1-1
- Update to version 1.2.1; Fixes RHBZ#2402663
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.2.0-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.2.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-syn-2.0.107-1.el10_1 (FEDORA-EPEL-2025-f2c9d97a99)
Parser for Rust source code
--------------------------------------------------------------------------------
Update Information:
Update to version 2.0.107.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 2.0.107-1
- Update to version 2.0.107; Fixes RHBZ#2404927
--------------------------------------------------------------------------------
================================================================================
rust-system-deps-7.0.6-1.el10_1 (FEDORA-EPEL-2025-76b87a488e)
Declarative system dependencies in Cargo.toml
--------------------------------------------------------------------------------
Update Information:
Update to version 7.0.6.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 7.0.6-1
- Update to version 7.0.6; Fixes RHBZ#2403779
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
7.0.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-tikv-jemalloc-sys-0.6.1-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
Rust FFI bindings to jemalloc
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2025 Benjamin A. Beasley <[email protected]> - 0.6.1-1
- Update to version 0.6.1
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-tikv-jemallocator-0.6.1-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
Rust allocator backed by jemalloc
--------------------------------------------------------------------------------
Update Information:
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2025 Benjamin A. Beasley <[email protected]> - 0.6.1-1
- Update to version 0.6.1; Fixes RHBZ#2404523
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
--------------------------------------------------------------------------------
================================================================================
rust-unicode-width-0.2.2-1.el10_1 (FEDORA-EPEL-2025-e4469524ea)
Determine displayed width of 'char' and 'str' types
--------------------------------------------------------------------------------
Update Information:
Update to version 0.2.2.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.2.2-1
- Update to version 0.2.2; Fixes RHBZ#2401886
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-webpki-roots-1.0.3-1.el10_1 (FEDORA-EPEL-2025-67f0f25ce2)
Mozilla's CA root certificates for use with webpki
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.3.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 1.0.3-1
- Update to version 1.0.3; Fixes RHBZ#2402416
--------------------------------------------------------------------------------
================================================================================
rust-xattr-1.6.1-1.el10_1 (FEDORA-EPEL-2025-a58e878486)
Unix extended filesystem attributes
--------------------------------------------------------------------------------
Update Information:
Update to version 1.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 1.6.1-1
- Update to version 1.6.1; Fixes RHBZ#2397136
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
