stable

openapi-python-client-0.26.2-4.fc42, python-uv-build-0.9.5-1.fc42, & 22 more

FEDORA-2025-a77c1f005b created by music 6 months ago for Fedora 42

uv 0.9.5

https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md

Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518.

ruff 0.14.2

https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md

rust-astral-tokio-tar 0.5.6

  • Fixed a parser desynchronization vulnerability when reading tar archives that contain mismatched size information in PAX/ustar headers.

    This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx and CVE-2025-62518.

  • Initial package for python-uv-build in Fedora 42
  • Initial packages for a number of new dependencies for ruff and uv
  • Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
  • Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-a77c1f005b

This update's test gating status has been changed to 'waiting'.

6 months ago

This update's test gating status has been changed to 'ignored'.

6 months ago

This update has been submitted for testing by bodhi.

6 months ago

This update has been pushed to testing.

6 months ago

music edited this update.

New build(s):

  • rust-tikv-jemallocator-0.6.1-1.fc42
  • rust-proc-macro-utils-0.10.0-1.fc42
  • rust-interpolator-0.5.0-3.fc42
  • rust-attribute-derive-0.10.5-1.fc42
  • rust-manyhow-0.11.4-1.fc42
  • rust-manyhow-macros-0.11.4-1.fc42
  • rust-collection_literals-1.0.3-1.fc42
  • rust-quote-use-0.8.4-2.fc42
  • rust-quote-use-macros-0.8.4-1.fc42
  • rust-attribute-derive-macro-0.10.5-1.fc42
  • rust-tikv-jemalloc-sys-0.6.1-1.fc42

Karma has been reset.

6 months ago

This update has been submitted for testing by music.

6 months ago

This update has been pushed to testing.

6 months ago

music edited this update.

New build(s):

  • rust-get-size2-0.7.0-2.fc42
  • rust-get-size-derive2-0.7.0-1.fc42

Karma has been reset.

6 months ago

This update has been submitted for testing by music.

6 months ago

This update has been pushed to testing.

6 months ago

music edited this update.

6 months ago

music edited this update.

6 months ago

music edited this update.

New build(s):

  • openapi-python-client-0.26.2-4.fc42

Karma has been reset.

6 months ago

This update has been submitted for testing by music.

6 months ago

This update has obsoleted openapi-python-client-0.26.2-2.fc42, and has inherited its bugs and notes.

6 months ago

music edited this update.

6 months ago

This update has been pushed to testing.

6 months ago

music edited this update.

New build(s):

  • ruff-0.14.1-1.fc42

Karma has been reset.

6 months ago

This update has been submitted for testing by music.

6 months ago

music edited this update.

6 months ago

music edited this update.

New build(s):

  • rust-astral-tokio-tar-0.5.6-1.fc42

Karma has been reset.

6 months ago

music edited this update.

New build(s):

  • rust-reqsign-0.17.0-1.fc42

Karma has been reset.

6 months ago

This update has been pushed to testing.

6 months ago

music edited this update.

New build(s):

  • ruff-0.14.1-2.fc42
  • uv-0.8.24-1.fc42

Removed build(s):

  • ruff-0.14.1-1.fc42

Karma has been reset.

6 months ago

This update has been submitted for testing by music.

6 months ago

music edited this update.

6 months ago

music edited this update.

6 months ago

This update has been pushed to testing.

6 months ago

music edited this update.

6 months ago

music edited this update.

6 months ago

music edited this update.

New build(s):

  • ruff-0.14.2-1.fc42

Removed build(s):

  • ruff-0.14.1-2.fc42

Karma has been reset.

6 months ago

This update has been submitted for testing by music.

6 months ago

This update has been pushed to testing.

6 months ago

music edited this update.

New build(s):

  • uv-0.9.5-1.fc42
  • python-uv-build-0.9.5-1.fc42
  • rust-reqsign-0.18.0-1.fc42
  • rust-reqsign-aws-v4-2.0.0-1.fc42
  • rust-reqsign-file-read-tokio-2.0.0-1.fc42
  • rust-reqsign-http-send-reqwest-2.0.0-1.fc42
  • rust-reqsign-command-execute-tokio-2.0.0-1.fc42
  • rust-reqsign-core-2.0.0-1.fc42

Removed build(s):

  • rust-reqsign-0.17.0-1.fc42
  • rust-reqsign-aws-v4-1.0.0-1.fc42
  • rust-reqsign-command-execute-tokio-1.0.0-1.fc42
  • rust-reqsign-core-1.0.0-1.fc42
  • rust-reqsign-file-read-tokio-1.0.0-1.fc42
  • rust-reqsign-http-send-reqwest-1.0.0-1.fc42
  • uv-0.8.24-1.fc42

Karma has been reset.

6 months ago

This update has been submitted for testing by music.

6 months ago
User Icon music commented & provided feedback 6 months ago

With ruff and uv now both fully up to date, I’m going to try to stop editing this so that it can go stable.

music edited this update.

6 months ago

This update has been pushed to testing.

6 months ago

This update has been submitted for stable by bodhi.

5 months ago

This update has been pushed to stable.

5 months ago

Please log in to add feedback.

Metadata
Type
security
Severity
low
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
6 months ago
in testing
6 months ago
in stable
5 months ago
modified
6 months ago
approved
5 months ago
Builds
24
openapi-python-client-0.26.2-4.fc42
python-uv-build-0.9.5-1.fc42
ruff-0.14.2-1.fc42
rust-astral-tokio-tar-0.5.6-1.fc42
rust-attribute-derive-0.10.5-1.fc42
rust-attribute-derive-macro-0.10.5-1.fc42
rust-collection_literals-1.0.3-1.fc42
rust-get-size2-0.7.0-2.fc42
rust-get-size-derive2-0.7.0-1.fc42
rust-interpolator-0.5.0-3.fc42
rust-manyhow-0.11.4-1.fc42
rust-manyhow-macros-0.11.4-1.fc42
rust-proc-macro-utils-0.10.0-1.fc42
rust-quote-use-0.8.4-2.fc42
rust-quote-use-macros-0.8.4-1.fc42
rust-reqsign-0.18.0-1.fc42
rust-reqsign-aws-v4-2.0.0-1.fc42
rust-reqsign-command-execute-tokio-2.0.0-1.fc42
rust-reqsign-core-2.0.0-1.fc42
rust-reqsign-file-read-tokio-2.0.0-1.fc42
rust-reqsign-http-send-reqwest-2.0.0-1.fc42
rust-tikv-jemallocator-0.6.1-1.fc42
rust-tikv-jemalloc-sys-0.6.1-1.fc42
uv-0.9.5-1.fc42
BZ#2360699 ruff-0.14.1 is available
0
0
BZ#2402441 rust-reqsign-core-2.0.0 is available
0
0
BZ#2402442 rust-reqsign-command-execute-tokio-2.0.0 is available
0
0
BZ#2402443 rust-reqsign-http-send-reqwest-2.0.0 is available
0
0
BZ#2402881 python-uv-build-0.9.5 is available
0
0
BZ#2402923 uv-0.9.5 is available
0
0
BZ#2405474 CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
0
0
BZ#2405476 CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
0
0
BZ#2406135 ruff-0.14.2 is available
0
0
openapi-python-client-0.26.2-4.fc42
python-uv-build-0.9.5-1.fc42
ruff-0.14.2-1.fc42
rust-astral-tokio-tar-0.5.6-1.fc42
rust-attribute-derive-0.10.5-1.fc42
rust-attribute-derive-macro-0.10.5-1.fc42
rust-collection_literals-1.0.3-1.fc42
rust-get-size2-0.7.0-2.fc42
rust-get-size-derive2-0.7.0-1.fc42
rust-interpolator-0.5.0-3.fc42
rust-manyhow-0.11.4-1.fc42
rust-manyhow-macros-0.11.4-1.fc42
rust-proc-macro-utils-0.10.0-1.fc42
rust-quote-use-0.8.4-2.fc42
rust-quote-use-macros-0.8.4-1.fc42
rust-reqsign-0.18.0-1.fc42
rust-reqsign-aws-v4-2.0.0-1.fc42
rust-reqsign-command-execute-tokio-2.0.0-1.fc42
rust-reqsign-core-2.0.0-1.fc42
rust-reqsign-file-read-tokio-2.0.0-1.fc42
rust-reqsign-http-send-reqwest-2.0.0-1.fc42
rust-tikv-jemallocator-0.6.1-1.fc42
rust-tikv-jemalloc-sys-0.6.1-1.fc42
uv-0.9.5-1.fc42

Automated Test Results

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 25.11.3 on bodhi-web-21-zp57g.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy