The following builds have been pushed to Fedora EPEL 10.2 updates-testing
ascii-3.31-1.el10_2
baresip-4.5.0-1.el10_2
fcitx5-gtk-5.1.5-2.el10_2
helix-25.07.1-7.el10_2
libre-4.5.0-1.el10_2
maturin-1.9.6-3.el10_2
ntpd-rs-1.6.2-3.el10_2
partclone-0.3.45-1.el10_2
rust-ambient-id-0.0.8-1.el10_2
rust-bat-0.24.0-13.el10_2
rust-below-0.9.0-6.el10_2
rust-bytes-1.11.1-1.el10_2
rust-cargo-c-0.10.18-3.el10_2
rust-git2-0.20.4-1.el10_2
rust-jsonwebtoken-9.3.1-4.el10_2
rust-libdeflate-sys-1.25.2-1.el10_2
rust-libdeflater-1.25.2-1.el10_2
rust-num-conv-0.2.0-1.el10_2
rust-onefetch-2.26.1-7.el10_2
rust-rbw-1.13.2-5.el10_2
rust-routinator-0.14.2-4.el10_2
rust-speakersafetyd-1.0.2-6.el10_2
rust-time-0.3.47-1.el10_2
rust-time-core-0.1.8-1.el10_2
rust-time-macros-0.2.27-1.el10_2
rust-tokei-14.0.0-4.el10_2
rust-weezl-0.1.12-3.el10_2
tegrarcm-1.9-1.el10_2
uv-0.9.30-2.el10_2
xcb-imdkit-1.0.9-6.el10_2
Details about builds:
================================================================================
ascii-3.31-1.el10_2 (FEDORA-EPEL-2026-a31108b12c)
Interactive ascii name and synonym chart
--------------------------------------------------------------------------------
Update Information:
Update from upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 8 2026 Didier Fabert <[email protected]> - 3.31-1
- Update to 3.31 version
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> - 3.30-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> - 3.30-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437581 - ascii-3.31 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437581
--------------------------------------------------------------------------------
================================================================================
baresip-4.5.0-1.el10_2 (FEDORA-EPEL-2026-c33b10af47)
Modular SIP user-agent with audio and video support
--------------------------------------------------------------------------------
Update Information:
Baresip v4.5.0 (2026-01-28)
rtprecv: fix race condition after video-display was closed
account: added ;check_origin parameter and API functions to get and set it
peerconn: always call close handler on destruct
account: misc improvements in core and test
rtprecv: fix tmr_cancel decode data race
audio: remove audio_txtelev_empty() -- unused
rtprecv: check re_thread_init() return value
test: use insecure warning (not needed for tests)
readme,license: update for new year
audio: remove audio_set_hold() -- unused
test: split test/call.c
test: add peer-connection test cases
uag: uag_filter_calls() support unlink in listh
mixausrc: rework
test: use audio_txtelev_empty() to check if DTMF was sent
test: add usage of more audio_xxx() functions in peerconn-test
audio: optimize source mutex handling
mixausrc sanitizer and EOS fixes
test mixausrc
httpd: print err instead of no reply
test: disable DNS-client cache in test_call_sni -- ref #3620
libre v4.5.0 (2026-01-28)
net: remove net_if_getaddr4() -- deprecated
test: add testing of dtls_set_handlers() api
h265: use h264_find_startcode() -- duplicated code
fmt: str_bool: reuse similar logic in pl_bool()
net: cleanup fallback return
fmt/print: add backtrace for incompatible format arguments
btrace: fix for linux addr2line
rtp: add RTP listen on single port
copyright: update for new year
async: do not hold lock during cb call
docs: fix README.md document include
tmr: improve thread list lock handling
aumix: add aumix_source_put_auframe and deprecate aumix_source_put
rtp/sess: fix ts_arrive calculation
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 8 2026 Robert Scheck <[email protected]> 4.5.0-1
- Upgrade to 4.5.0 (#2433734)
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
4.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
4.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2433715 - libre-4.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2433715
[ 2 ] Bug #2433734 - baresip-4.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2433734
--------------------------------------------------------------------------------
================================================================================
fcitx5-gtk-5.1.5-2.el10_2 (FEDORA-EPEL-2026-453dce8c51)
Gtk im module and glib based dbus client library
--------------------------------------------------------------------------------
Update Information:
Just release what we have while waiting for dependencies
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
5.1.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Mon Dec 22 2025 Qiyu Yan <[email protected]> - 5.1.5-1
- update to upstream release 5.1.5
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> -
5.1.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jun 16 2025 Qiyu Yan <[email protected]> - 5.1.4-1
- update to upstream release 5.1.4
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> -
5.1.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Aug 28 2024 Miroslav Suchý <[email protected]> - 5.1.3-3
- convert license to SPDX
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> -
5.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Apr 23 2024 Qiyu Yan <[email protected]> - 5.1.3-1
- update to upstream release 5.1.3
* Fri Mar 1 2024 Qiyu Yan <[email protected]> - 5.1.2-1
- update to upstream release 5.1.2
* Mon Jan 29 2024 Karuboniru <[email protected]> - 5.1.1-4
- fix FTBFS with GCC 14
* Wed Jan 24 2024 Fedora Release Engineering <[email protected]> -
5.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> -
5.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
helix-25.07.1-7.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
A post-modern modal text editor written in Rust
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini <[email protected]> - 25.07.1-7
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
25.07.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
libre-4.5.0-1.el10_2 (FEDORA-EPEL-2026-c33b10af47)
Generic library for real-time communications
--------------------------------------------------------------------------------
Update Information:
Baresip v4.5.0 (2026-01-28)
rtprecv: fix race condition after video-display was closed
account: added ;check_origin parameter and API functions to get and set it
peerconn: always call close handler on destruct
account: misc improvements in core and test
rtprecv: fix tmr_cancel decode data race
audio: remove audio_txtelev_empty() -- unused
rtprecv: check re_thread_init() return value
test: use insecure warning (not needed for tests)
readme,license: update for new year
audio: remove audio_set_hold() -- unused
test: split test/call.c
test: add peer-connection test cases
uag: uag_filter_calls() support unlink in listh
mixausrc: rework
test: use audio_txtelev_empty() to check if DTMF was sent
test: add usage of more audio_xxx() functions in peerconn-test
audio: optimize source mutex handling
mixausrc sanitizer and EOS fixes
test mixausrc
httpd: print err instead of no reply
test: disable DNS-client cache in test_call_sni -- ref #3620
libre v4.5.0 (2026-01-28)
net: remove net_if_getaddr4() -- deprecated
test: add testing of dtls_set_handlers() api
h265: use h264_find_startcode() -- duplicated code
fmt: str_bool: reuse similar logic in pl_bool()
net: cleanup fallback return
fmt/print: add backtrace for incompatible format arguments
btrace: fix for linux addr2line
rtp: add RTP listen on single port
copyright: update for new year
async: do not hold lock during cb call
docs: fix README.md document include
tmr: improve thread list lock handling
aumix: add aumix_source_put_auframe and deprecate aumix_source_put
rtp/sess: fix ts_arrive calculation
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Robert Scheck <[email protected]> 4.5.0-1
- Upgrade to 4.5.0 (#2433715)
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
4.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2433715 - libre-4.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2433715
[ 2 ] Bug #2433734 - baresip-4.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2433734
--------------------------------------------------------------------------------
================================================================================
maturin-1.9.6-3.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Build and publish Rust crates as Python packages
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini <[email protected]> - 1.9.6-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
ntpd-rs-1.6.2-3.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Full-featured implementation of NTP with NTS support
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini <[email protected]> - 1.6.2-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Fri Jan 16 2026 Fedora Release Engineering <[email protected]> -
1.6.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
partclone-0.3.45-1.el10_2 (FEDORA-EPEL-2026-1e11667a9c)
Utility to clone and restore a partition
--------------------------------------------------------------------------------
Update Information:
partclone v0.3.45
Fix make for distclean and maintainer-clean
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 5 2026 Robert Scheck <[email protected]> 0.3.45-1
- Upgrade to 0.3.45 (#2435871)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2435871 - partclone-0.3.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2435871
--------------------------------------------------------------------------------
================================================================================
rust-ambient-id-0.0.8-1.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Detects ambient OIDC credentials in a variety of environments
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 3 2026 Benjamin A. Beasley <[email protected]> - 0.0.8-1
- Update to version 0.0.8
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
0.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-bat-0.24.0-13.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Cat(1) clone with wings
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini <[email protected]> - 0.24.0-13
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-below-0.9.0-6.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Interactive tool to view and record historical system data
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini <[email protected]> - 0.9.0-6
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
0.9.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-bytes-1.11.1-1.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Types and traits for working with bytes
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Fabio Valentini <[email protected]> - 1.11.1-1
- Update to version 1.11.1; Fixes RHBZ#2436335
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
1.11.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-cargo-c-0.10.18-3.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Helper program to build and install c-like libraries
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini <[email protected]> - 0.10.18-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
0.10.18-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-git2-0.20.4-1.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Bindings to libgit2 for interoperating with git repositories
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Fabio Valentini <[email protected]> - 0.20.4-1
- Update to version 0.20.4; Fixes RHBZ#2436014
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
0.20.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-jsonwebtoken-9.3.1-4.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Create and decode JWTs in a strongly typed way
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Benjamin A. Beasley <[email protected]> - 9.3.1-4
- Backport fix for CVE-2026-25537
- Fixes RHBZ#2437470; fixes RHBZ#2437465; fixes RHBZ#2437460
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
9.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-libdeflate-sys-1.25.2-1.el10_2 (FEDORA-EPEL-2026-350051b552)
Bindings to libdeflate for DEFLATE
--------------------------------------------------------------------------------
Update Information:
[1.25.2] - 2026/02/08
Added Crc::with_initial and Adler32::with_initial constructors (#52, thanks
@vbe0201).
[1.25.1] - 2026/02/07
Implemented the Sync trait for Compressor and Decompressor (#51, thanks
@vbe0201).
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 8 2026 Benjamin A. Beasley <[email protected]> - 1.25.2-1
- Update to version 1.25.2; Fixes RHBZ#2437507
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
1.25.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437506 - rust-libdeflater-1.25.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437506
[ 2 ] Bug #2437507 - rust-libdeflate-sys-1.25.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437507
--------------------------------------------------------------------------------
================================================================================
rust-libdeflater-1.25.2-1.el10_2 (FEDORA-EPEL-2026-350051b552)
Bindings to libdeflate for DEFLATE
--------------------------------------------------------------------------------
Update Information:
[1.25.2] - 2026/02/08
Added Crc::with_initial and Adler32::with_initial constructors (#52, thanks
@vbe0201).
[1.25.1] - 2026/02/07
Implemented the Sync trait for Compressor and Decompressor (#51, thanks
@vbe0201).
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 8 2026 Benjamin A. Beasley <[email protected]> - 1.25.2-1
- Update to version 1.25.2; Fixes RHBZ#2437506
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
1.25.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437506 - rust-libdeflater-1.25.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437506
[ 2 ] Bug #2437507 - rust-libdeflate-sys-1.25.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2437507
--------------------------------------------------------------------------------
================================================================================
rust-num-conv-0.2.0-1.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Num_conv is a crate to convert between integer types without using as casts
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Fabio Valentini <[email protected]> - 0.2.0-1
- Update to version 0.2.0; Fixes RHBZ#2391411
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
0.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.1.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-onefetch-2.26.1-7.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Command-line Git information tool
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini <[email protected]> - 2.26.1-7
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
2.26.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-rbw-1.13.2-5.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Unofficial Bitwarden CLI
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini <[email protected]> - 1.13.2-5
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
1.13.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-routinator-0.14.2-4.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
RPKI relying party software
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini <[email protected]> - 0.14.2-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
0.14.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.14.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-speakersafetyd-1.0.2-6.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Speaker protection daemon for embedded Linux systems
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini <[email protected]> - 1.0.2-6
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
1.0.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Tue Dec 16 2025 Fabio Valentini <[email protected]> - 1.0.2-4
- Relax alsa dependency to allow both v0.9 and v0.10
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.0.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-time-0.3.47-1.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Date and time library
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Fabio Valentini <[email protected]> - 0.3.47-1
- Update to version 0.3.47; Fixes RHBZ#2428874
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
0.3.44-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-time-core-0.1.8-1.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Internal implementation details of the 'time' crate
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Fabio Valentini <[email protected]> - 0.1.8-1
- Update to version 0.1.8; Fixes RHBZ#2428875
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
0.1.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-time-macros-0.2.27-1.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Procedural macros for the time crate
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Fabio Valentini <[email protected]> - 0.2.27-1
- Update to version 0.2.27; Fixes RHBZ#2428876
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
0.2.24-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-tokei-14.0.0-4.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Count your code, quickly
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini <[email protected]> - 14.0.0-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
14.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-weezl-0.1.12-3.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Fast LZW compression and decompression
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini <[email protected]> - 0.1.12-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
0.1.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
tegrarcm-1.9-1.el10_2 (FEDORA-EPEL-2026-f416101830)
Send code to a Tegra device in recovery mode
--------------------------------------------------------------------------------
Update Information:
Update to tegrarcm 1.9
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 8 2026 Nicolas Chauvet <[email protected]> - 1.9-1
- Update to 1.9
* Tue Jan 20 2026 Fedora Release Engineering <[email protected]> - 1.8-30
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 1.8-29
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Feb 4 2025 Nicolas Chauvet <[email protected]> - 1.8-28
- Rebuilt #2 for cryptopp
* Tue Feb 4 2025 Nicolas Chauvet <[email protected]> - 1.8-27
- Rebuilt for cryptopp
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> - 1.8-26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Sep 4 2024 Miroslav Suchý <[email protected]> - 1.8-25
- convert license to SPDX
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> - 1.8-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
uv-0.9.30-2.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
An extremely fast Python package installer and resolver, written in Rust
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.
Additionally, this update contains rebuilds of applications affected by security
advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009
All applications that statically link libgit2 via the git2 Rust bindings were
also rebuilt against the latest version of the git2 / libgit2-sys crates to pull
in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 8 2026 Benjamin A. Beasley <[email protected]> - 0.9.30-2
- Rebuilt with jsonwebtoken patched for CVE-2026-25537
- Fixes RHBZ#2437472; fixes RHBZ#2437467; fixes RHBZ#2437461
* Thu Feb 5 2026 Benjamin A. Beasley <[email protected]> - 0.9.30-1
- Update to 0.9.30 (close RHBZ#2437002)
* Wed Feb 4 2026 Benjamin A. Beasley <[email protected]> - 0.9.29-1
- Update to 0.9.29 (close RHBZ#2436550)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type
Confusion that leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that
leads to potential authorization bypass [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
xcb-imdkit-1.0.9-6.el10_2 (FEDORA-EPEL-2026-453dce8c51)
Input method development support for xcb
--------------------------------------------------------------------------------
Update Information:
Just release what we have while waiting for dependencies
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 17 2026 Fedora Release Engineering <[email protected]> -
1.0.9-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.0.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.0.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Sep 4 2024 Miroslav Suchý <[email protected]> - 1.0.9-3
- convert license to SPDX
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
1.0.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jun 1 2024 Qiyu Yan <[email protected]> - 1.0.9-1
- update to upstream release 1.0.9
* Tue Apr 23 2024 Qiyu Yan <[email protected]> - 1.0.8-1
- update to upstream release 1.0.8
* Fri Mar 1 2024 Qiyu Yan <[email protected]> - 1.0.7-1
- update to upstream release 1.0.7
* Sat Jan 27 2024 Fedora Release Engineering <[email protected]> -
1.0.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://forge.fedoraproject.org/infra/tickets/issues/new
