Hi all, The Rust SIG is currently preparing updates to address potential security issues in four Rust crates (and libgit2), and
bytes https://rustsec.org/advisories/RUSTSEC-2026-0007.html git2 https://rustsec.org/advisories/RUSTSEC-2026-0008.html jsonwebtoken https://www.cve.org/CVERecord?id=CVE-2026-25537 time https://rustsec.org/advisories/RUSTSEC-2026-0009.html The "bytes", "git2", and "time" crates are very widely used, so the lists of affected applications are long and have significant overlaps between these three. As such, we decided that it made sense to just handle all four issues simultaneously with one mini-mass-rebuild. The list of affected Rust applications that will be attempted to be rebuilt for the listed issues is included below. Packages that are co-maintained by the Rust SIG will be handled by me. Packages that are not will need to be handled by their respective package maintainers, with provenpackager help, or will be skipped. The following side-tags are used to collect the necessary library updates (already done) and application rebuilds: - f45-build-side-128366 - f44-build-side-128368 - f43-build-side-128370 - f42-build-side-128372 - epel10.2-build-side-128374 - epel9-build-side-128376 Fabio ============================================================ Affected applications: bytes ===== - asciinema - atuin - aw-server-rust - awatcher - bustle - clamav - clevis-pin-trustee - crun-vm - envision - fido-device-onboard - glycin - gotify-desktop - greetd - helix - keylime-agent-rust - librsvg2 - matrix-synapse - mirrorlist-server - nispor - nmstate - ntpd-rs - python-orjson - python-uv-build - rust-afterburn - rust-below - rust-busd - rust-cargo-c - rust-cargo-deny - rust-coreos-installer - rust-crypto-auditing-agent - rust-crypto-auditing-client - rust-crypto-auditing-event-broker - rust-crypto-auditing-log-parser - rust-gst-plugin-dav1d - rust-gst-plugin-reqwest - rust-ingredients - rust-jql - rust-monitord - rust-monitord-exporter - rust-muvm - rust-nu - rust-oo7-cli - rust-podman-sequoia - rust-pore - rust-procs - rust-rbspy - rust-rbw - rust-redlib - rust-routinator - rust-sccache - rust-sequoia-chameleon-gnupg - rust-sequoia-keystore-server - rust-sequoia-octopus-librnp - rust-sequoia-sq - rust-sevctl - rust-sigul-pesign-bridge - rust-snpguest - rust-tealdeer - rust-weezl - rust-ybaas - rustup - sad - selenium-manager - trustee - trustee-guest-components - tuigreet - uv git2 ==== - envision - rust-bat - rust-cargo-c - rust-git-delta - rust-git-interactive-rebase-tool - rust-gitui - rust-heatseeker - rust-lsd - rust-pore - rust-pretty-git-prompt - rust-tokei jsonwebtoken ============ - trustee - uv time ==== - atuin - aw-server-rust - clevis-pin-tpm2 - clevis-pin-trustee - envision - fido-device-onboard - gotify-desktop - keylime-agent-rust - librsvg2 - maturin - nmstate - retis - rust-add-determinism - rust-afterburn - rust-bat - rust-below - rust-btrd - rust-cargo-c - rust-cargo-deny - rust-crypto-auditing-agent - rust-crypto-auditing-client - rust-crypto-auditing-event-broker - rust-crypto-auditing-log-parser - rust-dua-cli - rust-eif_build - rust-git-delta - rust-gitui - rust-gst-plugin-reqwest - rust-nu - rust-onefetch - rust-oo7-cli - rust-pleaser - rust-procs - rust-rd-agent - rust-rd-hashd - rust-rd-util - rust-redlib - rust-resctl-bench - rust-resctl-demo - rust-routinator - rust-scx_layered - rust-scx_rustland - rust-scx_rusty - rust-sequoia-chameleon-gnupg - rust-snpguest - rust-speakersafetyd - rust-wiremix - tbtools - trustee - trustee-guest-components - tuigreet - uv -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
