The following Fedora EPEL 10.0 Security updates need testing:

 Age  URL
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-78c7cd34db
      python-nh3-0.2.21-2.el10_0 rust-ammonia-4.0.1-1.el10_0
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-b8aaadaa26
      bird-3.1.4-1.el10_0

The following builds have been pushed to Fedora EPEL 10.0 updates-testing

    rust-astral-tokio-tar-0.5.5-1.el10_0
    rust-flate2-1.1.2-1.el10_0
    rust-rustls-0.23.23-2.el10_0
    uv-0.6.17-2.el10_0

Details about builds:

================================================================================
rust-astral-tokio-tar-0.5.5-1.el10_0 (FEDORA-EPEL-2025-04455338f9)
Rust implementation of an async TAR file reader and writer
--------------------------------------------------------------------------------
Update Information:
Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Benjamin A. Beasley <[email protected]> - 0.5.5-1
- Update to version 0.5.5; fixes RHBZ#2397644
- Security fix for CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2397714 - CVE-2025-59825 rust-astral-tokio-tar: astral-tokio-tar
path traversal [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2397714
[ 2 ] Bug #2397715 - CVE-2025-59825 uv: astral-tokio-tar path traversal
[epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2397715
--------------------------------------------------------------------------------
================================================================================
rust-flate2-1.1.2-1.el10_0 (FEDORA-EPEL-2025-04455338f9)
DEFLATE compression and decompression exposed as Read/BufRead/Write streams
--------------------------------------------------------------------------------
Update Information:
Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 8 2025 Fabio Valentini <[email protected]> - 1.1.2-1
- Update to version 1.1.2; Fixes RHBZ#2370914
* Fri Apr 4 2025 Benjamin A. Beasley <[email protected]> - 1.1.1-1
- Update to version 1.1.1; Fixes RHBZ#2356804
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2397714 - CVE-2025-59825 rust-astral-tokio-tar: astral-tokio-tar
path traversal [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2397714
[ 2 ] Bug #2397715 - CVE-2025-59825 uv: astral-tokio-tar path traversal
[epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2397715
--------------------------------------------------------------------------------
================================================================================
rust-rustls-0.23.23-2.el10_0 (FEDORA-EPEL-2025-04455338f9)
Modern TLS library written in Rust
--------------------------------------------------------------------------------
Update Information:
Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Benjamin A. Beasley <[email protected]> - 0.23.23-2
- Update zlib-rs to 0.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2397714 - CVE-2025-59825 rust-astral-tokio-tar: astral-tokio-tar
path traversal [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2397714
[ 2 ] Bug #2397715 - CVE-2025-59825 uv: astral-tokio-tar path traversal
[epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2397715
--------------------------------------------------------------------------------
================================================================================
uv-0.6.17-2.el10_0 (FEDORA-EPEL-2025-04455338f9)
An extremely fast Python package installer and resolver, written in Rust
--------------------------------------------------------------------------------
Update Information:
Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 24 2025 Benjamin A. Beasley <[email protected]> - 0.6.17-2
- Rebuilt with astral-tokio-tar version 0.5.5
- Security fix for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2397714 - CVE-2025-59825 rust-astral-tokio-tar: astral-tokio-tar
path traversal [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2397714
[ 2 ] Bug #2397715 - CVE-2025-59825 uv: astral-tokio-tar path traversal
[epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2397715
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]