The following Fedora EPEL 10.1 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e6de0f54eb   mbedtls-3.6.5-1.el10_1
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-72c6be2069   python-aiohttp-3.11.18-4.el10_1
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-2a63b8835b   webkitgtk-2.50.1-2.el10_1
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5aefff4853   fluidsynth-2.4.8-2.el10_1


The following builds have been pushed to Fedora EPEL 10.1 updates-testing

    dymo-cups-drivers-lw5xx-2.0.0.0-1.el10_1
    egl-wayland2-1.0.1~20251021gite16cb0f-1.el10_1
    mock-6.5-1.el10_1
    openbao-2.4.3-1.el10_1
    python-setuptools-git-versioning-2.1.0-16.el10_1
    rust-ambient-id-0.0.5-1.el10_1
    rust-astral-tokio-tar-0.5.6-1.el10_1
    rust-backon-1.5.2-2.el10_1
    rust-csv-1.4.0-1.el10_1
    rust-csv-core-0.1.13-1.el10_1
    rust-dlv-list-0.5.2-2.el10_1
    rust-dotenv-0.15.0-16.el10_1
    rust-indoc-2.0.7-1.el10_1
    rust-insta-1.43.2-1.el10_1
    rust-macro_rules_attribute-0.2.2-2.el10_1
    rust-macro_rules_attribute-proc_macro-0.2.2-2.el10_1
    rust-memmap2-0.9.9-1.el10_1
    rust-ordered-multimap-0.7.3-2.el10_1
    rust-pest-2.8.3-1.el10_1
    rust-pest_derive-2.8.3-1.el10_1
    rust-pest_generator-2.8.3-1.el10_1
    rust-pest_meta-2.8.3-1.el10_1
    rust-proc-macro2-1.0.102-1.el10_1
    rust-python-pkginfo-0.6.6-1.el10_1
    rust-ref-cast-1.0.25-1.el10_1
    rust-ref-cast-impl-1.0.25-1.el10_1
    rust-reqsign-0.17.0-1.el10_1
    rust-reqsign-aws-v4-1.0.0-1.el10_1
    rust-reqsign-command-execute-tokio-1.0.0-1.el10_1
    rust-reqsign-core-1.0.0-1.el10_1
    rust-reqsign-file-read-tokio-1.0.0-1.el10_1
    rust-reqsign-http-send-reqwest-1.0.0-1.el10_1
    rust-rust-ini-0.21.3-1.el10_1
    rust-rust_decimal-1.39.0-1.el10_1
    rust-rust_decimal_macros-1.39.0-1.el10_1
    rust-secrecy-0.10.3-1.el10_1
    rust-serde-1.0.228-1.el10_1
    rust-serde_core-1.0.228-1.el10_1
    rust-serde_derive-1.0.228-1.el10_1
    rust-snafu-0.8.9-1.el10_1
    rust-snafu-derive-0.8.9-1.el10_1
    rust-tikv-jemalloc-sys-0.6.1-1.el10_1
    rust-tikv-jemallocator-0.6.1-1.el10_1
    rust-typetag-0.2.21-1.el10_1
    rust-typetag-impl-0.2.21-1.el10_1
    rust-unicode-ident-1.0.20-1.el10_1
    rust-zbus-5.12.0-1.el10_1
    rust-zbus_macros-5.12.0-1.el10_1
    rust-zerocopy-0.8.27-1.el10_1
    rust-zerocopy-derive-0.8.27-1.el10_1
    rust-zvariant-5.8.0-1.el10_1
    rust-zvariant_derive-5.8.0-1.el10_1
    uv-0.8.24-2.el10_1

Details about builds:


================================================================================
 dymo-cups-drivers-lw5xx-2.0.0.0-1.el10_1 (FEDORA-EPEL-2025-b759a81ab4)
 DYMO LabelWriter 5xx Drivers for CUPS
--------------------------------------------------------------------------------
Update Information:

Initial specfile
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Andrew Bauer <[email protected]> - 2.0.0.0-1
- Initial specfile
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2359216 - dymo-cups-drivers version is outdated
        https://bugzilla.redhat.com/show_bug.cgi?id=2359216
  [ 2 ] Bug #2369164 - Review Request: dymo-cups-drivers-lw5xx - DYMO 
LabelWriter 5xx Drivers for CUPS
        https://bugzilla.redhat.com/show_bug.cgi?id=2369164
--------------------------------------------------------------------------------


================================================================================
 egl-wayland2-1.0.1~20251021gite16cb0f-1.el10_1 (FEDORA-EPEL-2025-f78e531e4a)
 Dma-buf-based Wayland external platform library
--------------------------------------------------------------------------------
Update Information:

Update to latest snapshot.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2025 Simone Caronni <[email protected]> - 
1.0.1~20251021gite16cb0f-1
- Update to latest snapshot.
* Mon Oct 20 2025 Simone Caronni <[email protected]> - 
1.0.1~20251018git295712b-1
- Update to latest snapshot.
--------------------------------------------------------------------------------


================================================================================
 mock-6.5-1.el10_1 (FEDORA-EPEL-2025-9500486e27)
 Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:

make suppress-sync opt-in, not opt-out ([email protected])
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Pavel Raiskup <[email protected]> 6.5-1
- make suppress-sync opt-in, not opt-out ([email protected])
--------------------------------------------------------------------------------


================================================================================
 openbao-2.4.3-1.el10_1 (FEDORA-EPEL-2025-a67eb81816)
 A tool for securely accessing secrets
--------------------------------------------------------------------------------
Update Information:

Update to upstream 2.4.3, including fixes for CVE-2025-62513 and CVE-2025-62705.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Dave Dykstra <[email protected]> - 
2.4.3-1
- update to upstream 2.4.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405900 - CVE-2025-62513 openbao: OpenBao leaks HTTPRawBody in 
Audit Logs [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405900
  [ 2 ] Bug #2405901 - CVE-2025-62513 openbao: OpenBao leaks HTTPRawBody in 
Audit Logs [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405901
  [ 3 ] Bug #2405902 - CVE-2025-62513 openbao: OpenBao leaks HTTPRawBody in 
Audit Logs [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405902
  [ 4 ] Bug #2405903 - CVE-2025-62513 openbao: OpenBao leaks HTTPRawBody in 
Audit Logs [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405903
  [ 5 ] Bug #2405904 - CVE-2025-62513 openbao: OpenBao leaks HTTPRawBody in 
Audit Logs [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405904
--------------------------------------------------------------------------------


================================================================================
 python-setuptools-git-versioning-2.1.0-16.el10_1 (FEDORA-EPEL-2025-d3b51c5152)
 Use git repo data for building a version number according to PEP-440
--------------------------------------------------------------------------------
Update Information:

Fix incorrect version in metadata (RHBZ#2405588)
Run the tests
Fix a small typo in the package summary and description, and tidy up the
package description a bit
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 2.1.0-16
- Run the tests
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 2.1.0-15
- Fix incorrect version in metadata (fix RHBZ#2405588)
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 2.1.0-13
- Fix a small typo in the package summary and description
- Tidy up the package description a bit
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 2.1.0-12
- Simplify man page generation
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 2.1.0-11
- Fix wrong Summary on binary package
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 2.1.0-9
- Fix the source archive name
* Fri Sep 19 2025 Python Maint <[email protected]> - 2.1.0-7
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint <[email protected]> - 2.1.0-6
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
2.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jun  2 2025 Python Maint <[email protected]> - 2.1.0-4
- Rebuilt for Python 3.14
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405588 - python-setuptools-git-versioning python3dist provides 
are incorrect
        https://bugzilla.redhat.com/show_bug.cgi?id=2405588
--------------------------------------------------------------------------------


================================================================================
 rust-ambient-id-0.0.5-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Detects ambient OIDC credentials in a variety of environments
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 26 2025 Benjamin A. Beasley <[email protected]> - 0.0.5-1
- Initial package (close RHBZ#2396331)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar 
Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX 
Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-astral-tokio-tar-0.5.6-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Rust implementation of an async TAR file reader and writer
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 21 2025 Benjamin A. Beasley <[email protected]> - 0.5.6-1
- Update to version 0.5.6; Fixes RHBZ#2405351
- Security fix for CVE-2025-62518
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar 
Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX 
Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-backon-1.5.2-2.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Make retry like a built-in feature provided by Rust
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 21 2025 Benjamin A. Beasley <[email protected]> - 1.5.2-2
- Drop unnecessary sqlx dev-dependency
* Wed Jul 30 2025 Fabio Valentini <[email protected]> - 1.5.2-1
- Update to version 1.5.2; Fixes RHBZ#2384769
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
1.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jun 19 2025 Fabio Valentini <[email protected]> - 1.5.1-1
- Update to version 1.5.1
* Wed Apr 23 2025 Fabio Valentini <[email protected]> - 1.5.0-3
- Drop WASM-specific features
* Tue Apr 22 2025 Fabio Valentini <[email protected]> - 1.5.0-2
- Fix invalid rust2rpm.toml, regenerate spec, relax spin dependency
* Sun Apr 20 2025 Andreas Schneider <[email protected]> - 1.5.0-1
- New package version 1.5.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar 
Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX 
Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-csv-1.4.0-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Fast CSV parsing with support for serde
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.4.0-1
- Update to version 1.4.0; Fixes RHBZ#2404706
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
1.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> - 
1.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-csv-core-0.1.13-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Bare bones CSV parsing with no_std support
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.1.13-1
- Update to version 0.1.13; Fixes RHBZ#2404707
--------------------------------------------------------------------------------


================================================================================
 rust-dlv-list-0.5.2-2.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Semi-doubly linked list implemented using a vector
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
0.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri May  2 2025 Cristian Le <[email protected]> - 0.5.2-1
- Update to version 0.5.2; Fixes RHBZ#1989392
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> - 
0.3.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> - 
0.3.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> - 
0.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar 
Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX 
Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-dotenv-0.15.0-16.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Dotenv implementation for Rust
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
0.15.0-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> - 
0.15.0-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Sep 13 2024 Fabio Valentini <[email protected]> - 0.15.0-14
- Remove reference to readme file that is not included in published crates
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> - 
0.15.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> - 
0.15.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar 
Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX 
Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-indoc-2.0.7-1.el10_1 (FEDORA-EPEL-2025-c6b6d4f551)
 Indented document literals
--------------------------------------------------------------------------------
Update Information:

Update to version 2.0.7.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 2.0.7-1
- Update to version 2.0.7; Fixes RHBZ#2405429
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
2.0.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-insta-1.43.2-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Snapshot testing library for Rust
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.43.2-1
- Update to version 1.43.2; Fixes RHBZ#2393320
--------------------------------------------------------------------------------


================================================================================
 rust-macro_rules_attribute-0.2.2-2.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Use declarative macros in attribute or derive position
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
0.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun 10 2025 Alexander F. Lent <[email protected]> - 0.2.2-1
- Initial Import (rhbz#2358542).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar 
Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX 
Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-macro_rules_attribute-proc_macro-0.2.2-2.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Use declarative macros as proc_macro attributes or derives
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
0.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun  3 2025 Alexander F. Lent <[email protected]> - 0.2.2-1
- Update macro_rules_attribute-proc_macro to 0.2.2
* Tue Jun  3 2025 Alexander F. Lent <[email protected]> - 0.2.0-1
- Initial Import (rhbz#2358541).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar 
Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX 
Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-memmap2-0.9.9-1.el10_1 (FEDORA-EPEL-2025-f5e86b1ed6)
 Cross-platform Rust API for memory-mapped file IO
--------------------------------------------------------------------------------
Update Information:

Update to version 0.9.9.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.9.9-1
- Update to version 0.9.9; Fixes RHBZ#2405355
--------------------------------------------------------------------------------


================================================================================
 rust-ordered-multimap-0.7.3-2.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Insertion ordered multimap
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
0.7.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu May  1 2025 Cristian Le <[email protected]> - 0.7.3-1
- Update to version 0.7.3; Fixes RHBZ#1976416
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> - 
0.4.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> - 
0.4.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> - 
0.4.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar 
Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX 
Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-pest-2.8.3-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Elegant Parser
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 2.8.3-1
- Update to version 2.8.3; Fixes RHBZ#2394785
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
2.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-pest_derive-2.8.3-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Pest's derive macro
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 2.8.3-1
- Update to version 2.8.3; Fixes RHBZ#2394786
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
2.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-pest_generator-2.8.3-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Pest code generator
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 2.8.3-1
- Update to version 2.8.3; Fixes RHBZ#2394787
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
2.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-pest_meta-2.8.3-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Pest meta language parser and validator
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 2.8.3-1
- Update to version 2.8.3; Fixes RHBZ#2394788
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
2.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-proc-macro2-1.0.102-1.el10_1 (FEDORA-EPEL-2025-43e503c446)
 Substitute implementation of the Rust compiler's proc_macro API
--------------------------------------------------------------------------------
Update Information:

Update to version 1.0.102.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.0.102-1
- Update to version 1.0.102; Fixes RHBZ#2405955
--------------------------------------------------------------------------------


================================================================================
 rust-python-pkginfo-0.6.6-1.el10_1 (FEDORA-EPEL-2025-3499634d5e)
 Parse Python package metadata from sdist and bdists and etc
--------------------------------------------------------------------------------
Update Information:

Update to version 0.6.6.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.6.6-1
- Update to version 0.6.6; Fixes RHBZ#2405106
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
0.6.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-ref-cast-1.0.25-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Safely cast &T to &U where the struct U contains a single field of type T
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.0.25-1
- Update to version 1.0.25; Fixes RHBZ#2400028
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 1.0.24-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-ref-cast-impl-1.0.25-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Derive implementation for ref_cast::RefCast
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.0.25-1
- Update to version 1.0.25; Fixes RHBZ#2400029
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 1.0.24-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-reqsign-0.17.0-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Signing HTTP requests for popular cloud services
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.17.0-1
- Initial package (close RHBZ#2400218)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-reqsign-aws-v4-1.0.0-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 11 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400195)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-reqsign-command-execute-tokio-1.0.0-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Tokio-based command execution implementation for reqsign
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct  2 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400111)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-reqsign-core-1.0.0-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400096)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-reqsign-file-read-tokio-1.0.0-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  8 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400101)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-reqsign-http-send-reqwest-1.0.0-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct  2 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400100)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-rust-ini-0.21.3-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Ini configuration file parsing library in Rust
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.21.3-1
- Update to version 0.21.3; Fixes RHBZ#2392154
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 0.21.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jul  8 2025 Fabio Valentini <[email protected]> - 0.21.2-1
- Update to version 0.21.2; Fixes RHBZ#2375939
* Thu May  1 2025 Cristian Le <[email protected]> - 0.21.1-1
- Update to version 0.21.1; Fixes RHBZ#2193253
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> - 0.18.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> - 0.18.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> - 0.18.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-rust_decimal-1.39.0-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Decimal number implementation written in pure Rust
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.39.0-1
- Update to version 1.39.0; Fixes RHBZ#2395075
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 1.37.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-rust_decimal_macros-1.39.0-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Shorthand macros to assist creating Decimal types
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.39.0-1
- Update to version 1.39.0; Fixes RHBZ#2395074
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 1.37.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-secrecy-0.10.3-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Wrapper types and traits for secret management
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 18 2025 Benjamin A. Beasley <[email protected]> - 0.10.3-1
- Update to version 0.10.3; Fixes RHBZ#2313021
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 0.8.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> - 0.8.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> - 0.8.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> - 0.8.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-serde-1.0.228-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Generic serialization/deserialization framework
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.0.228-1
- Update to version 1.0.228; Fixes RHBZ#2397127
--------------------------------------------------------------------------------


================================================================================
 rust-serde_core-1.0.228-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Serde traits
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.0.228-1
- Update to version 1.0.228; Fixes RHBZ#2397130
--------------------------------------------------------------------------------


================================================================================
 rust-serde_derive-1.0.228-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Macros 1.1 implementation of #[derive(Serialize, Deserialize)]
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.0.228-1
- Update to version 1.0.228; Fixes RHBZ#2397128
--------------------------------------------------------------------------------


================================================================================
 rust-snafu-0.8.9-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Ergonomic error handling library
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.8.9-1
- Update to version 0.8.9; Fixes RHBZ#2389908
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 0.8.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-snafu-derive-0.8.9-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Ergonomic error handling library
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.8.9-1
- Update to version 0.8.9; Fixes RHBZ#2389909
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 0.8.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-tikv-jemalloc-sys-0.6.1-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Rust FFI bindings to jemalloc
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 16 2025 Benjamin A. Beasley <[email protected]> - 0.6.1-1
- Update to version 0.6.1
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-tikv-jemallocator-0.6.1-1.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 Rust allocator backed by jemalloc
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 16 2025 Benjamin A. Beasley <[email protected]> - 0.6.1-1
- Update to version 0.6.1; Fixes RHBZ#2404523
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


================================================================================
 rust-typetag-0.2.21-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Serde serializable and deserializable trait objects
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.2.21-1
- Update to version 0.2.21; Fixes RHBZ#2400030
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 0.2.20-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-typetag-impl-0.2.21-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Implementation detail of the typetag crate
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.2.21-1
- Update to version 0.2.21; Fixes RHBZ#2400031
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 0.2.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-unicode-ident-1.0.20-1.el10_1 (FEDORA-EPEL-2025-e26882cf07)
 Determine whether characters have the XID_Start or XID_Continue properties
--------------------------------------------------------------------------------
Update Information:

Update to version 1.0.20.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.0.20-1
- Update to version 1.0.20; Fixes RHBZ#2405296
--------------------------------------------------------------------------------


================================================================================
 rust-zbus-5.12.0-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 API for D-Bus communication
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 5.12.0-1
- Update to version 5.12.0; Fixes RHBZ#2394033
--------------------------------------------------------------------------------


================================================================================
 rust-zbus_macros-5.12.0-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Proc-macros for zbus
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 5.12.0-1
- Update to version 5.12.0; Fixes RHBZ#2394034
--------------------------------------------------------------------------------


================================================================================
 rust-zerocopy-0.8.27-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Makes zero-cost memory manipulation effortless
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.8.27-1
- Update to version 0.8.27; Fixes RHBZ#2393699
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 0.8.26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-zerocopy-derive-0.8.27-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 Custom derive for traits from the zerocopy crate
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.8.27-1
- Update to version 0.8.27; Fixes RHBZ#2393698
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 0.8.26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-zvariant-5.8.0-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 D-Bus & GVariant encoding & decoding
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 5.8.0-1
- Update to version 5.8.0; Fixes RHBZ#2404210
--------------------------------------------------------------------------------


================================================================================
 rust-zvariant_derive-5.8.0-1.el10_1 (FEDORA-EPEL-2025-8ceb1cf981)
 D-Bus & GVariant encoding & decoding
--------------------------------------------------------------------------------
Update Information:

Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 5.8.0-1
- Update to version 5.8.0; Fixes RHBZ#2404213
--------------------------------------------------------------------------------


================================================================================
 uv-0.8.24-2.el10_1 (FEDORA-EPEL-2025-e6cbc78be8)
 An extremely fast Python package installer and resolver, written in Rust
--------------------------------------------------------------------------------
Update Information:

uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10
packages for a few of their dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 0.8.24-2
- Allow hashbrown 0.15 (for EPEL10.1)
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.24-1
- Update to 0.8.24
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.23-1
- Update to 0.8.23
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.22-1
- Update to 0.8.22
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.21-1
- Update to 0.8.21
* Thu Oct 16 2025 Gordon Messmer <[email protected]> - 0.8.20-2
- Use rpm's native resource tunable to limit parallelism.
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.8.20-1
- Update to 0.8.20 (close RHBZ#2389326)
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.8.19-1
- Update to 0.8.19
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.8.18-1
- Update to 0.8.18
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.17-1
- Update to 0.8.17
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.16-1
- Update to 0.8.16
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.15-1
- Update to 0.8.15
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.14-1
- Update to 0.8.14
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.13-1
- Update to 0.8.13
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.12-1
- Update to 0.8.12
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.11-5
- Use the bundled reqwest-middleware, too
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405468
  [ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------


-- 
_______________________________________________
epel-devel mailing list -- [email protected]