The following Fedora EPEL 10.2 Security updates need testing:
Age URL
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-1fe5205aa6
fluidsynth-2.4.8-2.el10_2
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-fd412e2ace
qt5-qtbase-5.15.17-2.el10_2
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-ebffab4484
chromium-141.0.7390.122-1.el10_2
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-3975babff2
openbao-2.4.3-1.el10_2
The following builds have been pushed to Fedora EPEL 10.2 updates-testing
arpwatch-3.9-1.el10_2
cube-4.9-3.el10_2
java-latest-openjdk-25.0.1.0.8-0.1.el10_2
java-latest-openjdk-portable-25.0.1.0.8-1.rolling.el8
ruff-0.14.2-1.el10_2
rust-astral-tokio-tar-0.5.6-1.el10_2
rust-attribute-derive-0.10.5-1.el10_2
rust-attribute-derive-macro-0.10.5-1.el10_2
rust-backon-1.5.2-2.el10_2
rust-basic-toml-0.1.10-2.el10_2
rust-collection_literals-1.0.3-1.el10_2
rust-derive_more-2.0.1-3.el10_2
rust-derive_more-impl-2.0.1-2.el10_2
rust-dlv-list-0.5.2-2.el10_2
rust-dotenv-0.15.0-16.el10_2
rust-get-size-derive2-0.7.0-1.el10_2
rust-get-size2-0.7.0-2.el10_2
rust-interpolator-0.5.0-3.el10_2
rust-intrusive-collections-0.9.7-3.el10_2
rust-is-terminal-0.4.17-1.el10_2
rust-macro_rules_attribute-0.2.2-2.el10_2
rust-macro_rules_attribute-proc_macro-0.2.2-2.el10_2
rust-manyhow-0.11.4-1.el10_2
rust-manyhow-macros-0.11.4-1.el10_2
rust-ordered-multimap-0.7.3-2.el10_2
rust-proc-macro-utils-0.10.0-1.el10_2
rust-quote-use-0.8.4-2.el10_2
rust-quote-use-macros-0.8.4-1.el10_2
rust-reqsign-0.17.0-1.el10_2
rust-reqsign-aws-v4-1.0.0-1.el10_2
rust-reqsign-command-execute-tokio-1.0.0-1.el10_2
rust-reqsign-core-1.0.0-1.el10_2
rust-reqsign-file-read-tokio-1.0.0-1.el10_2
rust-reqsign-http-send-reqwest-1.0.0-1.el10_2
rust-rust-ini-0.21.3-1.el10_2
rust-tikv-jemalloc-sys-0.6.1-1.el10_2
rust-tikv-jemallocator-0.6.1-1.el10_2
rust-trybuild2-1.2.0-5.el10_2
tmt-1.60.0-1.el10_2
uv-0.8.24-3.el10_2
Details about builds:
================================================================================
arpwatch-3.9-1.el10_2 (FEDORA-EPEL-2025-7c1fb26fcd)
Network monitoring tools for tracking IP addresses on a network
--------------------------------------------------------------------------------
Update Information:
Update to 3.9 (close RHBZ#2406123)
This release contained a fix for a TOCTOU race condition in a shell script
that we do not package; it therefore should be indistinguishable from version
3.8.
Generate ethercodes.dat from latest oui.csv
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 14:3.9-1
- Update to 3.9 (close RHBZ#2406123)
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 14:3.8-8
- Generate ethercodes.dat from latest oui.csv
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2406123 - arpwatch-3.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406123
--------------------------------------------------------------------------------
================================================================================
cube-4.9-3.el10_2 (FEDORA-EPEL-2025-30f6dce3a5)
CUBE Uniform Behavioral Encoding generic presentation component
--------------------------------------------------------------------------------
Update Information:
Build cube-devel again
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Dave Love <[email protected]> - 4.9-3
- Reinstate cube-devel package (#2406039)
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> - 4.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
java-latest-openjdk-25.0.1.0.8-0.1.el10_2 (FEDORA-EPEL-2025-d30e7dd27a)
OpenJDK 25 Runtime Environment
--------------------------------------------------------------------------------
Update Information:
openjdk CPU October 2025 epel editions of java-latest-openjdk (still in version
25)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Jiri Vanek <[email protected]> - 1:25.0.1.0.8-1
- Updated to October 2025 cpu
--------------------------------------------------------------------------------
================================================================================
java-latest-openjdk-portable-25.0.1.0.8-1.rolling.el8
(FEDORA-EPEL-2025-86371a4650)
OpenJDK 25 Runtime Environment portable edition
--------------------------------------------------------------------------------
Update Information:
portables built on el8 to be el10 update and to be repacekd by all rpms for
epels. Main reason for this update is that they persists and are not GC from
koji. The update contains October 2025 java CPU
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Jiri Vanek <[email protected]> - 1:25.0.1.0.8-1
- BUmped to October 2025 CPU and made to build by itslef
* Tue Oct 7 2025 Jiri Vanek <[email protected]> - 1:25.0.0.0.36-6
- BUmped release
* Tue Oct 7 2025 Jiri Vanek <[email protected]> - 1:25.0.0.0.36-5
- Moved to build by itslef - jdk25
--------------------------------------------------------------------------------
================================================================================
ruff-0.14.2-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Extremely fast Python linter and code formatter
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 0.14.2-1
- Update to version 0.14.2; Fixes RHBZ#2406135
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.14.1-2
- Double _smp_tasksize_proc again
- Builds for F41 were failing consistently on s390x
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.14.1-1
- Update to 0.14.1 (close RHBZ#2360699)
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.14.0-2
- Skip salsaâs execute_cancellation tests on all architectures
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.14.0-1
- Update to 0.14.0
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.13.3-1
- Update to 0.13.3
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.13.2-1
- Update to 0.13.2
* Thu Oct 16 2025 Gordon Messmer <[email protected]> - 0.12.1-2
- Use rpm's native resource tunable to limit parallelism.
* Wed Sep 24 2025 Benjamin A. Beasley <[email protected]> - 0.12.1-1
- Update to 0.12.1
* Wed Sep 24 2025 Benjamin A. Beasley <[email protected]> - 0.12.0-1
- Update to 0.12.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-astral-tokio-tar-0.5.6-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Rust implementation of an async TAR file reader and writer
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 21 2025 Benjamin A. Beasley <[email protected]> - 0.5.6-1
- Update to version 0.5.6; Fixes RHBZ#2405351
- Security fix for CVE-2025-62518
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-attribute-derive-0.10.5-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Clap like parsing for attributes in proc-macros
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 15 2025 Benjamin A. Beasley <[email protected]> - 0.10.5-1
- Initial package (close RHBZ#2398133)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-attribute-derive-macro-0.10.5-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Clap for proc macro attributes
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 11 2025 Benjamin A. Beasley <[email protected]> - 0.10.5-1
- Initial package (close RHBZ#2398120)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-backon-1.5.2-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Make retry like a built-in feature provided by Rust
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 21 2025 Benjamin A. Beasley <[email protected]> - 1.5.2-2
- Drop unnecessary sqlx dev-dependency
* Wed Jul 30 2025 Fabio Valentini <[email protected]> - 1.5.2-1
- Update to version 1.5.2; Fixes RHBZ#2384769
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jun 19 2025 Fabio Valentini <[email protected]> - 1.5.1-1
- Update to version 1.5.1
* Wed Apr 23 2025 Fabio Valentini <[email protected]> - 1.5.0-3
- Drop WASM-specific features
* Tue Apr 22 2025 Fabio Valentini <[email protected]> - 1.5.0-2
- Fix invalid rust2rpm.toml, regenerate spec, relax spin dependency
* Sun Apr 20 2025 Andreas Schneider <[email protected]> - 1.5.0-1
- New package version 1.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-basic-toml-0.1.10-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Minimal TOML library with few dependencies
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Mar 3 2025 Fabio Valentini <[email protected]> - 0.1.10-1
- Update to version 0.1.10; Fixes RHBZ#2349381
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.1.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.1.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Apr 25 2024 Fabio Valentini <[email protected]> - 0.1.9-1
- Update to version 0.1.9; Fixes RHBZ#2269097
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.1.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jan 3 2024 Fabio Valentini <[email protected]> - 0.1.8-1
- Update to version 0.1.8; Fixes RHBZ#2256493
* Sun Nov 12 2023 Fabio Valentini <[email protected]> - 0.1.7-1
- Update to version 0.1.7; Fixes RHBZ#2246261
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-collection_literals-1.0.3-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Easy-to-use macros for initializing any collection
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2025 Benjamin A. Beasley <[email protected]> - 1.0.3-1
- Update to version 1.0.3; Fixes RHBZ#2400587
- Upstream now provides a LICENSE file
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 1.0.2-1
- Initial package (close RHBZ#2398064)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-derive_more-2.0.1-3.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Adds #[derive(x)] macros for more traits
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Mar 25 2025 Fabio Valentini <[email protected]> - 2.0.1-2
- Skip three tests that fail on big-endian architectures
* Sat Mar 22 2025 Fabio Valentini <[email protected]> - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2343601
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Sep 2 2024 Fabio Valentini <[email protected]> - 1.0.0-1
- Update to version 1.0.0; Fixes RHBZ#2303544
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.99.17-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.99.17-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Aug 5 2023 Fabio Valentini <[email protected]> - 0.99.17-6
- Regenerate with rust2rpm v24
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-derive_more-impl-2.0.1-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Internal implementation of derive_more crate
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat Mar 22 2025 Fabio Valentini <[email protected]> - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2343600
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sun Sep 8 2024 Fabio Valentini <[email protected]> - 1.0.0-1
- Initial import (#2309192)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-dlv-list-0.5.2-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Semi-doubly linked list implemented using a vector
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri May 2 2025 Cristian Le <[email protected]> - 0.5.2-1
- Update to version 0.5.2; Fixes RHBZ#1989392
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.3.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.3.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-dotenv-0.15.0-16.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Dotenv implementation for Rust
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.15.0-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.15.0-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Sep 13 2024 Fabio Valentini <[email protected]> - 0.15.0-14
- Remove reference to readme file that is not included in published crates
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.15.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.15.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-get-size-derive2-0.7.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Derives the GetSize trait
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.7.0-1
- Initial package (close RHBZ#2398141)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-get-size2-0.7.0-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Determine the size in bytes an object occupies inside RAM
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.7.0-2
- Add missing rust2rpm.toml file
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.7.0-1
- Initial package (close RHBZ#2398235)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-interpolator-0.5.0-3.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Runtime format strings, fully compatible with std's macros
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Benjamin A. Beasley <[email protected]> - 0.5.0-3
- Omit some unnecessary dev-dependencies
* Sat Oct 4 2025 Benjamin A. Beasley <[email protected]> - 0.5.0-2
- No longer allow proptest-derive 0.5
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 0.5.0-1
- Initial package (close RHBZ#2398112)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-intrusive-collections-0.9.7-3.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Intrusive collections for Rust (linked list and red-black tree)
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.9.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.9.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Tue Sep 17 2024 Fabio Valentini <[email protected]> - 0.9.7-1
- Update to version 0.9.7; Fixes RHBZ#2310229
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.9.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jul 10 2024 Oliver Steffen <[email protected]> - 0.9.6-1
- Initial import (fedora#2290692).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-is-terminal-0.4.17-1.el10_2 (FEDORA-EPEL-2025-deab1ff788)
Test whether a given stream is a terminal
--------------------------------------------------------------------------------
Update Information:
Update to version 0.4.17.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 24 2025 Fabio Valentini <[email protected]> - 0.4.17-1
- Update to version 0.4.17; Fixes RHBZ#2406099
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.4.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-macro_rules_attribute-0.2.2-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Use declarative macros in attribute or derive position
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun 10 2025 Alexander F. Lent <[email protected]> - 0.2.2-1
- Initial Import (rhbz#2358542).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-macro_rules_attribute-proc_macro-0.2.2-2.el10_2
(FEDORA-EPEL-2025-d12b62c436)
Use declarative macros as proc_macro attributes or derives
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun 3 2025 Alexander F. Lent <[email protected]> - 0.2.2-1
- Update macro_rules_attribute-proc_macro to 0.2.2
* Tue Jun 3 2025 Alexander F. Lent <[email protected]> - 0.2.0-1
- Initial Import (rhbz#2358541).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-manyhow-0.11.4-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Proc macro error handling à la anyhow x proc-macro-error
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Benjamin A. Beasley <[email protected]> - 0.11.4-1
- Initial package (close RHBZ#2398062)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-manyhow-macros-0.11.4-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Macro for manyhow
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 0.11.4-1
- Initial package (close RHBZ#2398059)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-ordered-multimap-0.7.3-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Insertion ordered multimap
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.7.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu May 1 2025 Cristian Le <[email protected]> - 0.7.3-1
- Update to version 0.7.3; Fixes RHBZ#1976416
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.4.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.4.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.4.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-proc-macro-utils-0.10.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Low-level utilities on proc-macro and proc-macro2 types
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.10.0-1
- Initial package (close RHBZ#2398050)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-quote-use-0.8.4-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Support use in procmacros hygienically
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 7 2025 Benjamin A. Beasley <[email protected]> - 0.8.4-2
- Omit several unused dev-dependencies
* Sat Oct 4 2025 Benjamin A. Beasley <[email protected]> - 0.8.4-1
- Initial package (close RHBZ#2398057)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-quote-use-macros-0.8.4-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Support use in procmacros hygienically
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 0.8.4-1
- Initial package (close RHBZ#2398054)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-0.17.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Signing HTTP requests for popular cloud services
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.17.0-1
- Initial package (close RHBZ#2400218)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-aws-v4-1.0.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 11 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400195)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-command-execute-tokio-1.0.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Tokio-based command execution implementation for reqsign
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400111)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-core-1.0.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400096)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-file-read-tokio-1.0.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 8 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400101)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-http-send-reqwest-1.0.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400100)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-rust-ini-0.21.3-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Ini configuration file parsing library in Rust
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.21.3-1
- Update to version 0.21.3; Fixes RHBZ#2392154
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.21.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jul 8 2025 Fabio Valentini <[email protected]> - 0.21.2-1
- Update to version 0.21.2; Fixes RHBZ#2375939
* Thu May 1 2025 Cristian Le <[email protected]> - 0.21.1-1
- Update to version 0.21.1; Fixes RHBZ#2193253
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.18.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.18.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.18.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-tikv-jemalloc-sys-0.6.1-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Rust FFI bindings to jemalloc
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2025 Benjamin A. Beasley <[email protected]> - 0.6.1-1
- Update to version 0.6.1
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-tikv-jemallocator-0.6.1-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Rust allocator backed by jemalloc
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2025 Benjamin A. Beasley <[email protected]> - 0.6.1-1
- Update to version 0.6.1; Fixes RHBZ#2404523
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
rust-trybuild2-1.2.0-5.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Test harness for ui tests of compiler diagnostics
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.2.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
1.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jan 27 2024 Fedora Release Engineering <[email protected]> -
1.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 11 2024 Fabio Valentini <[email protected]> - 1.2.0-1
- Update to version 1.2.0; Fixes RHBZ#2253010
* Thu Jul 27 2023 Fabio Valentini <[email protected]> - 1.1.0-1
- Update to version 1.1.0; Fixes RHBZ#2224729
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
================================================================================
tmt-1.60.0-1.el10_2 (FEDORA-EPEL-2025-dcd7b1820e)
Test Management Tool
--------------------------------------------------------------------------------
Update Information:
Automatic update for tmt-1.60.0-1.el10_2.
Changelog for tmt
* Thu Oct 23 2025 Packit <[email protected]> - 1.60.0-1
- Update to version 1.60.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Packit <[email protected]> - 1.60.0-1
- Update to version 1.60.0
--------------------------------------------------------------------------------
================================================================================
uv-0.8.24-3.el10_2 (FEDORA-EPEL-2025-d12b62c436)
An extremely fast Python package installer and resolver, written in Rust
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 0.8.24-3
- Revert "Allow hashbrown 0.15 (for EPEL10.1)"
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 0.8.24-2
- Allow hashbrown 0.15 (for EPEL10.1)
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.24-1
- Update to 0.8.24
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.23-1
- Update to 0.8.23
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.22-1
- Update to 0.8.22
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.21-1
- Update to 0.8.21
* Thu Oct 16 2025 Gordon Messmer <[email protected]> - 0.8.20-2
- Use rpm's native resource tunable to limit parallelism.
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.8.20-1
- Update to 0.8.20 (close RHBZ#2389326)
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.8.19-1
- Update to 0.8.19
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.8.18-1
- Update to 0.8.18
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.17-1
- Update to 0.8.17
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.16-1
- Update to 0.8.16
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.15-1
- Update to 0.8.15
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.14-1
- Update to 0.8.14
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.13-1
- Update to 0.8.13
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.12-1
- Update to 0.8.12
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.11-5
- Use the bundled reqwest-middleware, too
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
[ 4 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
