The following Fedora EPEL 10.0 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-0869e5a01a   mbedtls-3.6.5-1.el10_0
The following builds have been pushed to Fedora EPEL 10.0 updates-testing
debmirror-2.47-2.el10_0
rust-astral-tokio-tar-0.5.6-1.el10_0
rust-normpath-1.5.0-1.el10_0
rust-os_pipe-1.2.3-1.el10_0
rust-owo-colors-4.2.3-1.el10_0
rust-pem-3.0.6-1.el10_0
rust-regex-lite-0.1.8-1.el10_0
rust-regex-syntax-0.8.8-1.el10_0
rust-rustls-native-certs-0.8.2-1.el10_0
rust-rusty-fork-0.3.1-1.el10_0
rust-stable_deref_trait-1.2.1-1.el10_0
rust-syn-2.0.107-1.el10_0
rust-unicode-width-0.2.2-1.el10_0
uv-0.6.17-3.el10_0
Details about builds:
================================================================================
debmirror-2.47-2.el10_0 (FEDORA-EPEL-2025-1aaefbc82f)
Debian partial mirror script, with ftp and package pool support
--------------------------------------------------------------------------------
Update Information:
Update to 2.47.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Simone Caronni <[email protected]> - 2.47-2
- Update sources
* Wed Oct 22 2025 Simone Caronni <[email protected]> - 2.47-1
- Update to 2.47
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> - 2.46-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-astral-tokio-tar-0.5.6-1.el10_0 (FEDORA-EPEL-2025-439963506c)
Rust implementation of an async TAR file reader and writer
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2025-62518: update rust-astral-tokio-tar to 0.5.6 and
rebuild uv.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 21 2025 Benjamin A. Beasley <[email protected]> - 0.5.6-1
- Update to version 0.5.6; Fixes RHBZ#2405351
- Security fix for CVE-2025-62518
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-normpath-1.5.0-1.el10_0 (FEDORA-EPEL-2025-16df9a8816)
More reliable path manipulation
--------------------------------------------------------------------------------
Update Information:
Update to version 1.5.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 1.5.0-1
- Update to version 1.5.0
--------------------------------------------------------------------------------
================================================================================
rust-os_pipe-1.2.3-1.el10_0 (FEDORA-EPEL-2025-f8954363f6)
Cross-platform library for opening OS pipes
--------------------------------------------------------------------------------
Update Information:
Update to version 1.2.3.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 1.2.3-1
- Update to version 1.2.3; Fixes RHBZ#2403315
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 1.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-owo-colors-4.2.3-1.el10_0 (FEDORA-EPEL-2025-192beba3e2)
Zero-allocation terminal colors that'll make people go owo
--------------------------------------------------------------------------------
Update Information:
Update to version 4.2.3.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 4.2.3-1
- Update to version 4.2.3; Fixes RHBZ#2400178
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 4.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-pem-3.0.6-1.el10_0 (FEDORA-EPEL-2025-9bd0e124d4)
Parse and encode PEM-encoded data
--------------------------------------------------------------------------------
Update Information:
Update to version 3.0.6.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 3.0.6-1
- Update to version 3.0.6; Fixes RHBZ#2403116
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 3.0.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-regex-lite-0.1.8-1.el10_0 (FEDORA-EPEL-2025-21fa967516)
Lightweight regex engine that optimizes for binary size and compilation time
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.8.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.1.8-1
- Update to version 0.1.8; Fixes RHBZ#2403246
--------------------------------------------------------------------------------
================================================================================
rust-regex-syntax-0.8.8-1.el10_0 (FEDORA-EPEL-2025-c053b38480)
Regular expression parser
--------------------------------------------------------------------------------
Update Information:
Update to version 0.8.8.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.8.8-1
- Update to version 0.8.8; Fixes RHBZ#2403247
--------------------------------------------------------------------------------
================================================================================
rust-rustls-native-certs-0.8.2-1.el10_0 (FEDORA-EPEL-2025-c9a48e69c5)
Allows rustls to use the platform native certificate store
--------------------------------------------------------------------------------
Update Information:
Update to version 0.8.2.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.8.2-1
- Update to version 0.8.2; Fixes RHBZ#2404132
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 0.8.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> - 0.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-rusty-fork-0.3.1-1.el10_0 (FEDORA-EPEL-2025-4d3fdd4352)
Library for running Rust tests in sub-processes using a fork-like interface
--------------------------------------------------------------------------------
Update Information:
Update to version 0.3.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.3.1-1
- Update to version 0.3.1; Fixes RHBZ#2401611
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 0.3.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> - 0.3.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-stable_deref_trait-1.2.1-1.el10_0 (FEDORA-EPEL-2025-f38e9930b4)
Dereference to a stable address even when moved
--------------------------------------------------------------------------------
Update Information:
Update to version 1.2.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 1.2.1-1
- Update to version 1.2.1; Fixes RHBZ#2402663
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 1.2.0-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> - 1.2.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-syn-2.0.107-1.el10_0 (FEDORA-EPEL-2025-30b9866286)
Parser for Rust source code
--------------------------------------------------------------------------------
Update Information:
Update to version 2.0.107.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 2.0.107-1
- Update to version 2.0.107; Fixes RHBZ#2404927
--------------------------------------------------------------------------------
================================================================================
rust-unicode-width-0.2.2-1.el10_0 (FEDORA-EPEL-2025-216fb38ff1)
Determine displayed width of 'char' and 'str' types
--------------------------------------------------------------------------------
Update Information:
Update to version 0.2.2.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.2.2-1
- Update to version 0.2.2; Fixes RHBZ#2401886
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 0.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
uv-0.6.17-3.el10_0 (FEDORA-EPEL-2025-439963506c)
An extremely fast Python package installer and resolver, written in Rust
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2025-62518: update rust-astral-tokio-tar to 0.5.6 and
rebuild uv.
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.6.17-3
- Rebuilt with rust-astral-tokio-tar 0.5.6
- Security update for CVE-2025-62518; fixes RHBZ#2405469
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 2 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]