stable

openapi-python-client-0.24.3-2.fc41, python-uv-build-0.9.5-1.fc41, & 23 more

FEDORA-2025-43a0bff5ea created by music 4 months ago for Fedora 41

uv 0.9.5

https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md

Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518.

ruff 0.14.2

https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md

rust-astral-tokio-tar 0.5.6

  • Fixed a parser desynchronization vulnerability when reading tar archives that contain mismatched size information in PAX/ustar headers.

    This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx and CVE-2025-62518.

  • Initial package for python-uv-build in Fedora 42
  • Initial packages for a number of new dependencies for ruff and uv.
  • Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
  • Patch openapi-python-client to allow ruff 0.14

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-43a0bff5ea

This update's test gating status has been changed to 'waiting'.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

This update has been submitted for testing by bodhi.

4 months ago

This update has been pushed to testing.

4 months ago

music edited this update.

New build(s):

  • rust-tikv-jemallocator-0.6.1-1.fc41
  • rust-manyhow-0.11.4-1.fc41
  • rust-attribute-derive-macro-0.10.5-1.fc41
  • rust-attribute-derive-0.10.5-1.fc41
  • rust-manyhow-macros-0.11.4-1.fc41
  • rust-proc-macro-utils-0.10.0-1.fc41
  • rust-collection_literals-1.0.3-1.fc41
  • rust-interpolator-0.5.0-3.fc41
  • rust-quote-use-0.8.4-2.fc41
  • rust-quote-use-macros-0.8.4-1.fc41
  • rust-tikv-jemalloc-sys-0.6.1-1.fc41

Karma has been reset.

4 months ago

This update has been submitted for testing by music.

4 months ago

This update has been pushed to testing.

4 months ago

music edited this update.

New build(s):

  • rust-get-size2-0.7.0-2.fc41
  • rust-get-size-derive2-0.7.0-1.fc41

Karma has been reset.

4 months ago

This update has been submitted for testing by music.

4 months ago

This update has been pushed to testing.

4 months ago

music edited this update.

New build(s):

  • openapi-python-client-0.24.3-2.fc41

Karma has been reset.

4 months ago

This update has been submitted for testing by music.

4 months ago

music edited this update.

New build(s):

  • rust-backon-1.5.2-2.fc41

Karma has been reset.

4 months ago

This update has been pushed to testing.

4 months ago

music edited this update.

New build(s):

  • rust-astral-tokio-tar-0.5.6-1.fc41

Karma has been reset.

4 months ago

This update has been submitted for testing by music.

4 months ago

music edited this update.

4 months ago

music edited this update.

New build(s):

  • rust-reqsign-0.17.0-1.fc41

Karma has been reset.

4 months ago

This update has been pushed to testing.

4 months ago

music edited this update.

New build(s):

  • ruff-0.14.1-2.fc41
  • uv-0.8.24-1.fc41

Karma has been reset.

4 months ago

This update has been submitted for testing by music.

4 months ago

music edited this update.

4 months ago

music edited this update.

4 months ago

This update has been pushed to testing.

4 months ago

music edited this update.

4 months ago

music edited this update.

New build(s):

  • rust-reqsign-core-2.0.0-1.fc41
  • ruff-0.14.2-1.fc41

Removed build(s):

  • ruff-0.14.1-2.fc41
  • rust-reqsign-core-1.0.0-1.fc41

Karma has been reset.

4 months ago

This update has been submitted for testing by music.

4 months ago

This update has been pushed to testing.

4 months ago

music edited this update.

New build(s):

  • uv-0.9.5-1.fc41
  • python-uv-build-0.9.5-1.fc41
  • rust-reqsign-0.18.0-1.fc41
  • rust-reqsign-aws-v4-2.0.0-1.fc41
  • rust-reqsign-file-read-tokio-2.0.0-1.fc41
  • rust-reqsign-http-send-reqwest-2.0.0-1.fc41
  • rust-reqsign-command-execute-tokio-2.0.0-1.fc41

Removed build(s):

  • rust-reqsign-0.17.0-1.fc41
  • rust-reqsign-aws-v4-1.0.0-1.fc41
  • rust-reqsign-command-execute-tokio-1.0.0-1.fc41
  • rust-reqsign-file-read-tokio-1.0.0-1.fc41
  • rust-reqsign-http-send-reqwest-1.0.0-1.fc41
  • uv-0.8.24-1.fc41

Karma has been reset.

4 months ago

This update has been submitted for testing by music.

4 months ago

music edited this update.

New build(s):

  • rust-backon-1.6.0-1.fc41

Removed build(s):

  • rust-backon-1.5.2-2.fc41

Karma has been reset.

4 months ago
User Icon music commented & provided feedback 4 months ago

With ruff and uv now both fully up to date, I’m going to try to stop editing this so that it can go stable.

music edited this update.

4 months ago

This update has been pushed to testing.

4 months ago

This update has been submitted for stable by bodhi.

3 months ago

This update has been pushed to stable.

3 months ago

Please log in to add feedback.

Metadata
Type
security
Severity
low
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
4 months ago
in testing
4 months ago
in stable
3 months ago
modified
4 months ago
approved
3 months ago
Builds
25
openapi-python-client-0.24.3-2.fc41
python-uv-build-0.9.5-1.fc41
ruff-0.14.2-1.fc41
rust-astral-tokio-tar-0.5.6-1.fc41
rust-attribute-derive-0.10.5-1.fc41
rust-attribute-derive-macro-0.10.5-1.fc41
rust-backon-1.6.0-1.fc41
rust-collection_literals-1.0.3-1.fc41
rust-get-size2-0.7.0-2.fc41
rust-get-size-derive2-0.7.0-1.fc41
rust-interpolator-0.5.0-3.fc41
rust-manyhow-0.11.4-1.fc41
rust-manyhow-macros-0.11.4-1.fc41
rust-proc-macro-utils-0.10.0-1.fc41
rust-quote-use-0.8.4-2.fc41
rust-quote-use-macros-0.8.4-1.fc41
rust-reqsign-0.18.0-1.fc41
rust-reqsign-aws-v4-2.0.0-1.fc41
rust-reqsign-command-execute-tokio-2.0.0-1.fc41
rust-reqsign-core-2.0.0-1.fc41
rust-reqsign-file-read-tokio-2.0.0-1.fc41
rust-reqsign-http-send-reqwest-2.0.0-1.fc41
rust-tikv-jemallocator-0.6.1-1.fc41
rust-tikv-jemalloc-sys-0.6.1-1.fc41
uv-0.9.5-1.fc41
BZ#2360699 ruff-0.14.1 is available
0
0
BZ#2402441 rust-reqsign-core-2.0.0 is available
0
0
BZ#2402442 rust-reqsign-command-execute-tokio-2.0.0 is available
0
0
BZ#2402443 rust-reqsign-http-send-reqwest-2.0.0 is available
0
0
BZ#2402881 python-uv-build-0.9.5 is available
0
0
BZ#2402923 uv-0.9.5 is available
0
0
BZ#2405471 CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
0
0
BZ#2405472 CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
0
0
BZ#2406135 ruff-0.14.2 is available
0
0
openapi-python-client-0.24.3-2.fc41
python-uv-build-0.9.5-1.fc41
ruff-0.14.2-1.fc41
rust-astral-tokio-tar-0.5.6-1.fc41
rust-attribute-derive-0.10.5-1.fc41
rust-attribute-derive-macro-0.10.5-1.fc41
rust-backon-1.6.0-1.fc41
rust-collection_literals-1.0.3-1.fc41
rust-get-size2-0.7.0-2.fc41
rust-get-size-derive2-0.7.0-1.fc41
rust-interpolator-0.5.0-3.fc41
rust-manyhow-0.11.4-1.fc41
rust-manyhow-macros-0.11.4-1.fc41
rust-proc-macro-utils-0.10.0-1.fc41
rust-quote-use-0.8.4-2.fc41
rust-quote-use-macros-0.8.4-1.fc41
rust-reqsign-0.18.0-1.fc41
rust-reqsign-aws-v4-2.0.0-1.fc41
rust-reqsign-command-execute-tokio-2.0.0-1.fc41
rust-reqsign-core-2.0.0-1.fc41
rust-reqsign-file-read-tokio-2.0.0-1.fc41
rust-reqsign-http-send-reqwest-2.0.0-1.fc41
rust-tikv-jemallocator-0.6.1-1.fc41
rust-tikv-jemalloc-sys-0.6.1-1.fc41
uv-0.9.5-1.fc41

Automated Test Results

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 25.11.3 on bodhi-web-16-jzkw7.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy