The following Fedora EPEL 10.2 Security updates need testing:
Age URL
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-1fe5205aa6
fluidsynth-2.4.8-2.el10_2
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-fd412e2ace
qt5-qtbase-5.15.17-2.el10_2
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-ebffab4484
chromium-141.0.7390.122-1.el10_2
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-3975babff2
openbao-2.4.3-1.el10_2
The following builds have been pushed to Fedora EPEL 10.2 updates-testing
fedora-distro-aliases-1.8-1.el10_2
nextcloud-32.0.1-1.el10_2
ruff-0.14.2-1.el10_2
rust-astral-tokio-tar-0.5.6-1.el10_2
rust-attribute-derive-0.10.5-1.el10_2
rust-attribute-derive-macro-0.10.5-1.el10_2
rust-backon-1.6.0-1.el10_2
rust-basic-toml-0.1.10-2.el10_2
rust-collection_literals-1.0.3-1.el10_2
rust-derive_more-2.0.1-3.el10_2
rust-derive_more-impl-2.0.1-2.el10_2
rust-dlv-list-0.5.2-2.el10_2
rust-dotenv-0.15.0-16.el10_2
rust-get-size-derive2-0.7.0-1.el10_2
rust-get-size2-0.7.0-2.el10_2
rust-half-2.7.1-2.el10_2
rust-interpolator-0.5.0-3.el10_2
rust-intrusive-collections-0.9.7-3.el10_2
rust-macro_rules_attribute-0.2.2-2.el10_2
rust-macro_rules_attribute-proc_macro-0.2.2-2.el10_2
rust-manyhow-0.11.4-1.el10_2
rust-manyhow-macros-0.11.4-1.el10_2
rust-ordered-multimap-0.7.3-2.el10_2
rust-proc-macro-utils-0.10.0-1.el10_2
rust-quote-use-0.8.4-2.el10_2
rust-quote-use-macros-0.8.4-1.el10_2
rust-reqsign-0.18.0-1.el10_2
rust-reqsign-aws-v4-2.0.0-1.el10_2
rust-reqsign-command-execute-tokio-2.0.0-1.el10_2
rust-reqsign-core-2.0.0-1.el10_2
rust-reqsign-file-read-tokio-2.0.0-1.el10_2
rust-reqsign-http-send-reqwest-2.0.0-1.el10_2
rust-rust-ini-0.21.3-1.el10_2
rust-tikv-jemalloc-sys-0.6.1-1.el10_2
rust-tikv-jemallocator-0.6.1-1.el10_2
rust-trybuild2-1.2.0-5.el10_2
uv-0.9.5-1.el10_2
Details about builds:
================================================================================
fedora-distro-aliases-1.8-1.el10_2 (FEDORA-EPEL-2025-cc8e028d0b)
Aliases for active Fedora releases
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 25 2025 Jakub Kadlcik <[email protected]> 1.8-1
- Implement a filter_distro helper function ([email protected])
- Test EPEL minor version aliases after 10.1 branching ([email protected])
--------------------------------------------------------------------------------
================================================================================
nextcloud-32.0.1-1.el10_2 (FEDORA-EPEL-2025-b9810fd14d)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
32.0.1 release RHBZ#2399899
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 25 2025 Andrew Bauer <[email protected]> - 32.0.1-1
- 32.0.1 release RHBZ#2399899
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2399899 - nextcloud-32.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2399899
--------------------------------------------------------------------------------
================================================================================
ruff-0.14.2-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Extremely fast Python linter and code formatter
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 0.14.2-1
- Update to version 0.14.2; Fixes RHBZ#2406135
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.14.1-2
- Double _smp_tasksize_proc again
- Builds for F41 were failing consistently on s390x
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.14.1-1
- Update to 0.14.1 (close RHBZ#2360699)
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.14.0-2
- Skip salsaâs execute_cancellation tests on all architectures
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.14.0-1
- Update to 0.14.0
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.13.3-1
- Update to 0.13.3
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.13.2-1
- Update to 0.13.2
* Thu Oct 16 2025 Gordon Messmer <[email protected]> - 0.12.1-2
- Use rpm's native resource tunable to limit parallelism.
* Wed Sep 24 2025 Benjamin A. Beasley <[email protected]> - 0.12.1-1
- Update to 0.12.1
* Wed Sep 24 2025 Benjamin A. Beasley <[email protected]> - 0.12.0-1
- Update to 0.12.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-astral-tokio-tar-0.5.6-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Rust implementation of an async TAR file reader and writer
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 21 2025 Benjamin A. Beasley <[email protected]> - 0.5.6-1
- Update to version 0.5.6; Fixes RHBZ#2405351
- Security fix for CVE-2025-62518
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-attribute-derive-0.10.5-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Clap like parsing for attributes in proc-macros
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 15 2025 Benjamin A. Beasley <[email protected]> - 0.10.5-1
- Initial package (close RHBZ#2398133)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-attribute-derive-macro-0.10.5-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Clap for proc macro attributes
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 11 2025 Benjamin A. Beasley <[email protected]> - 0.10.5-1
- Initial package (close RHBZ#2398120)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-backon-1.6.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Make retry like a built-in feature provided by Rust
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 1.6.0-1
- Update to version 1.6.0; Fixes RHBZ#2404917
* Thu Aug 21 2025 Benjamin A. Beasley <[email protected]> - 1.5.2-2
- Drop unnecessary sqlx dev-dependency
* Wed Jul 30 2025 Fabio Valentini <[email protected]> - 1.5.2-1
- Update to version 1.5.2; Fixes RHBZ#2384769
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jun 19 2025 Fabio Valentini <[email protected]> - 1.5.1-1
- Update to version 1.5.1
* Wed Apr 23 2025 Fabio Valentini <[email protected]> - 1.5.0-3
- Drop WASM-specific features
* Tue Apr 22 2025 Fabio Valentini <[email protected]> - 1.5.0-2
- Fix invalid rust2rpm.toml, regenerate spec, relax spin dependency
* Sun Apr 20 2025 Andreas Schneider <[email protected]> - 1.5.0-1
- New package version 1.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-basic-toml-0.1.10-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Minimal TOML library with few dependencies
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Mar 3 2025 Fabio Valentini <[email protected]> - 0.1.10-1
- Update to version 0.1.10; Fixes RHBZ#2349381
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.1.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.1.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Apr 25 2024 Fabio Valentini <[email protected]> - 0.1.9-1
- Update to version 0.1.9; Fixes RHBZ#2269097
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.1.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jan 3 2024 Fabio Valentini <[email protected]> - 0.1.8-1
- Update to version 0.1.8; Fixes RHBZ#2256493
* Sun Nov 12 2023 Fabio Valentini <[email protected]> - 0.1.7-1
- Update to version 0.1.7; Fixes RHBZ#2246261
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-collection_literals-1.0.3-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Easy-to-use macros for initializing any collection
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2025 Benjamin A. Beasley <[email protected]> - 1.0.3-1
- Update to version 1.0.3; Fixes RHBZ#2400587
- Upstream now provides a LICENSE file
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 1.0.2-1
- Initial package (close RHBZ#2398064)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-derive_more-2.0.1-3.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Adds #[derive(x)] macros for more traits
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Mar 25 2025 Fabio Valentini <[email protected]> - 2.0.1-2
- Skip three tests that fail on big-endian architectures
* Sat Mar 22 2025 Fabio Valentini <[email protected]> - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2343601
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Sep 2 2024 Fabio Valentini <[email protected]> - 1.0.0-1
- Update to version 1.0.0; Fixes RHBZ#2303544
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.99.17-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.99.17-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Aug 5 2023 Fabio Valentini <[email protected]> - 0.99.17-6
- Regenerate with rust2rpm v24
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-derive_more-impl-2.0.1-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Internal implementation of derive_more crate
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat Mar 22 2025 Fabio Valentini <[email protected]> - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2343600
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sun Sep 8 2024 Fabio Valentini <[email protected]> - 1.0.0-1
- Initial import (#2309192)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-dlv-list-0.5.2-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Semi-doubly linked list implemented using a vector
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri May 2 2025 Cristian Le <[email protected]> - 0.5.2-1
- Update to version 0.5.2; Fixes RHBZ#1989392
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.3.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.3.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-dotenv-0.15.0-16.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Dotenv implementation for Rust
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.15.0-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.15.0-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Sep 13 2024 Fabio Valentini <[email protected]> - 0.15.0-14
- Remove reference to readme file that is not included in published crates
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.15.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.15.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-get-size-derive2-0.7.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Derives the GetSize trait
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.7.0-1
- Initial package (close RHBZ#2398141)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-get-size2-0.7.0-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Determine the size in bytes an object occupies inside RAM
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.7.0-2
- Add missing rust2rpm.toml file
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.7.0-1
- Initial package (close RHBZ#2398235)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-half-2.7.1-2.el10_2 (FEDORA-EPEL-2025-ae73151b77)
Half-precision floating point f16 and bf16 types for Rust
--------------------------------------------------------------------------------
Update Information:
2.7.1 - 2025-10-13
Fixed
loongarch64 lsx hardware intrinsics for f16 conversions now enabled only under
nightly cargo feature, fixing compile errors on stable Rust.
2.7.0 - 2025-10-08
Changed
zerocopy is now a required dependency. The optional zerocopy crate feature is
deprecated.
This change is to ensure better code safety and prevent potential unsound
behavior.
Git repository URL has changed due to GitHub user name change. Old URL is
redirected.
Added
New num-traits implementations: Signed for f16 and bf16.
loongarch64 lsx hardware intrinsic support for f16 conversions.
Implemented Weight trait from rand crate for f16 and bf16 with rand optional
cargo
feature.
Fixed
min and max incorrectly propagate NaN values when self is NaN.
Suppressed warnings from new unnecessary_transmutes lint.
Removed
doc_auto_cfg feature has been removed from docs.rs documentation due to removal
of rust
feature.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 24 2025 Benjamin A. Beasley <[email protected]> - 2.7.1-2
- Fix some CRLF-terminated files using dos2unix
* Fri Oct 24 2025 Benjamin A. Beasley <[email protected]> - 2.7.1-1
- Update to version 2.7.1; Fixes RHBZ#2402613
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-interpolator-0.5.0-3.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Runtime format strings, fully compatible with std's macros
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Benjamin A. Beasley <[email protected]> - 0.5.0-3
- Omit some unnecessary dev-dependencies
* Sat Oct 4 2025 Benjamin A. Beasley <[email protected]> - 0.5.0-2
- No longer allow proptest-derive 0.5
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 0.5.0-1
- Initial package (close RHBZ#2398112)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-intrusive-collections-0.9.7-3.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Intrusive collections for Rust (linked list and red-black tree)
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.9.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.9.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Tue Sep 17 2024 Fabio Valentini <[email protected]> - 0.9.7-1
- Update to version 0.9.7; Fixes RHBZ#2310229
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.9.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jul 10 2024 Oliver Steffen <[email protected]> - 0.9.6-1
- Initial import (fedora#2290692).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-macro_rules_attribute-0.2.2-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Use declarative macros in attribute or derive position
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun 10 2025 Alexander F. Lent <[email protected]> - 0.2.2-1
- Initial Import (rhbz#2358542).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-macro_rules_attribute-proc_macro-0.2.2-2.el10_2
(FEDORA-EPEL-2025-d12b62c436)
Use declarative macros as proc_macro attributes or derives
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun 3 2025 Alexander F. Lent <[email protected]> - 0.2.2-1
- Update macro_rules_attribute-proc_macro to 0.2.2
* Tue Jun 3 2025 Alexander F. Lent <[email protected]> - 0.2.0-1
- Initial Import (rhbz#2358541).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-manyhow-0.11.4-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Proc macro error handling à la anyhow x proc-macro-error
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Benjamin A. Beasley <[email protected]> - 0.11.4-1
- Initial package (close RHBZ#2398062)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-manyhow-macros-0.11.4-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Macro for manyhow
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 0.11.4-1
- Initial package (close RHBZ#2398059)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-ordered-multimap-0.7.3-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Insertion ordered multimap
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.7.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu May 1 2025 Cristian Le <[email protected]> - 0.7.3-1
- Update to version 0.7.3; Fixes RHBZ#1976416
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.4.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.4.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.4.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-proc-macro-utils-0.10.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Low-level utilities on proc-macro and proc-macro2 types
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.10.0-1
- Initial package (close RHBZ#2398050)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-quote-use-0.8.4-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Support use in procmacros hygienically
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 7 2025 Benjamin A. Beasley <[email protected]> - 0.8.4-2
- Omit several unused dev-dependencies
* Sat Oct 4 2025 Benjamin A. Beasley <[email protected]> - 0.8.4-1
- Initial package (close RHBZ#2398057)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-quote-use-macros-0.8.4-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Support use in procmacros hygienically
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 0.8.4-1
- Initial package (close RHBZ#2398054)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-0.18.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Signing HTTP requests for popular cloud services
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 0.18.0-1
- Update to version 0.18.0
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.17.0-1
- Initial package (close RHBZ#2400218)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-aws-v4-2.0.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
AWS SigV4 signing implementation for reqsign
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 2.0.0-1
- Update to version 2.0.0
* Sat Oct 11 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400195)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-command-execute-tokio-2.0.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Tokio-based command execution implementation for reqsign
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 2.0.0-1
- Update to version 2.0.0; Fixes RHBZ#2402442
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400111)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-core-2.0.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 2.0.0-1
- Update to version 2.0.0; Fixes RHBZ#2402441
* Tue Sep 30 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400096)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-file-read-tokio-2.0.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Tokio-based file reader implementation for reqsign
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 2.0.0-1
- Update to version 2.0.0
* Wed Oct 8 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400101)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-http-send-reqwest-2.0.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Reqwest-based HTTP client implementation for reqsign
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 2.0.0-1
- Update to version 2.0.0; Fixes RHBZ#2402443
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400100)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-rust-ini-0.21.3-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Ini configuration file parsing library in Rust
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.21.3-1
- Update to version 0.21.3; Fixes RHBZ#2392154
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.21.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jul 8 2025 Fabio Valentini <[email protected]> - 0.21.2-1
- Update to version 0.21.2; Fixes RHBZ#2375939
* Thu May 1 2025 Cristian Le <[email protected]> - 0.21.1-1
- Update to version 0.21.1; Fixes RHBZ#2193253
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.18.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.18.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.18.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-tikv-jemalloc-sys-0.6.1-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Rust FFI bindings to jemalloc
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2025 Benjamin A. Beasley <[email protected]> - 0.6.1-1
- Update to version 0.6.1
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-tikv-jemallocator-0.6.1-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Rust allocator backed by jemalloc
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2025 Benjamin A. Beasley <[email protected]> - 0.6.1-1
- Update to version 0.6.1; Fixes RHBZ#2404523
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-trybuild2-1.2.0-5.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Test harness for ui tests of compiler diagnostics
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.2.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
1.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jan 27 2024 Fedora Release Engineering <[email protected]> -
1.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 11 2024 Fabio Valentini <[email protected]> - 1.2.0-1
- Update to version 1.2.0; Fixes RHBZ#2253010
* Thu Jul 27 2023 Fabio Valentini <[email protected]> - 1.1.0-1
- Update to version 1.1.0; Fixes RHBZ#2224729
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
uv-0.9.5-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
An extremely fast Python package installer and resolver, written in Rust
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 24 2025 Benjamin A. Beasley <[email protected]> - 0.9.5-1
- Update to 0.9.5 (close RHBZ#2402923)
* Fri Oct 24 2025 Benjamin A. Beasley <[email protected]> - 0.9.4-1
- Update to 0.9.4
* Fri Oct 24 2025 Benjamin A. Beasley <[email protected]> - 0.9.3-1
- Update to 0.9.3
* Fri Oct 24 2025 Benjamin A. Beasley <[email protected]> - 0.9.2-1
- Update to 0.9.2
* Fri Oct 24 2025 Benjamin A. Beasley <[email protected]> - 0.9.1-1
- Update to 0.9.1
* Fri Oct 24 2025 Benjamin A. Beasley <[email protected]> - 0.9.0-1
- Update to 0.9.0
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 0.8.24-4
- Try to work around âtoo many open filesâ on 192-core builders
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 0.8.24-3
- Revert "Allow hashbrown 0.15 (for EPEL10.1)"
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 0.8.24-2
- Allow hashbrown 0.15 (for EPEL10.1)
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.24-1
- Update to 0.8.24
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.23-1
- Update to 0.8.23
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.22-1
- Update to 0.8.22
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.21-1
- Update to 0.8.21
* Thu Oct 16 2025 Gordon Messmer <[email protected]> - 0.8.20-2
- Use rpm's native resource tunable to limit parallelism.
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.8.20-1
- Update to 0.8.20 (close RHBZ#2389326)
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.8.19-1
- Update to 0.8.19
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.8.18-1
- Update to 0.8.18
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.17-1
- Update to 0.8.17
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.16-1
- Update to 0.8.16
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.15-1
- Update to 0.8.15
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.14-1
- Update to 0.8.14
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.13-1
- Update to 0.8.13
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.12-1
- Update to 0.8.12
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.11-5
- Use the bundled reqwest-middleware, too
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 6 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 7 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 8 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
