On Sat, Feb 7, 2026 at 4:58 PM Fabio Valentini <[email protected]> wrote: > > bytes https://rustsec.org/advisories/RUSTSEC-2026-0007.html > git2 https://rustsec.org/advisories/RUSTSEC-2026-0008.html > jsonwebtoken https://www.cve.org/CVERecord?id=CVE-2026-25537 > time https://rustsec.org/advisories/RUSTSEC-2026-0009.html
All packages that could easily be rebuilt have been, so in the interest in pushing security updates quickly, I have submitted the updates now. rawhide: https://bodhi.fedoraproject.org/updates/FEDORA-2026-fd61fd216d f44: https://bodhi.fedoraproject.org/updates/FEDORA-2026-1b11ddff94 f43: https://bodhi.fedoraproject.org/updates/FEDORA-2026-f400579a21 f42: https://bodhi.fedoraproject.org/updates/FEDORA-2026-6388b28850 epel10: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-dea517c7d2 epel9: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-5af2dc982d Note that packages that build with vendored Rust dependencies were not updated at all. Maintainers of such packages will need to handle security fixes themselves. Some packages have not been rebuilt, either because they have other updates already in-flight, or because the Rust SIG doesn't have access to build them (or for other reasons): - aw-server-rust - awatcher - clamav - clevis-pin-tpm2 - clevis-pin-trustee - fido-device-onboard - gotify-desktop - librsvg2 - matrix-synapse - nispor - nmstate - python-orjson - python-uv-build - retis - rust-jql - rust-podman-sequoia - selenium-manager - tbtools - trustee - trustee-guest-components - uv These can be rebuilt at any time after the updates listed above are "stable" to pull in the associated fixes. Fabio -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
