stable

maturin-1.9.6-4.fc42, python-fastar-0.8.0-4.fc42, & 5 more

FEDORA-2026-23bb71ea52 created by music a month ago for Fedora 42

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-tar. Rebuild maturin with the latest rust-tar.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2026-23bb71ea52

This update's test gating status has been changed to 'waiting'.

a month ago

music edited this update.

a month ago

This update's test gating status has been changed to 'ignored'.

a month ago

This update has been submitted for testing by bodhi.

a month ago

This update has been pushed to testing.

a month ago

music edited this update.

New build(s):

  • uv-0.10.12-1.fc42
  • python-uv-build-0.10.12-1.fc42
  • maturin-1.9.6-4.fc42
  • python-fastar-0.8.0-4.fc42
  • rust-astral-tokio-tar-0.6.0-1.fc42
  • rust-tar-0.4.45-1.fc42

Karma has been reset.

a month ago

This update has been submitted for testing by music.

a month ago

music edited this update.

a month ago

This update has been pushed to testing.

a month ago
User Icon decathorpe provided feedback a month ago
karma

This update can be pushed to stable now if the maintainer wishes

a month ago

This update has been submitted for stable by music.

a month ago

This update has been pushed to stable.

a month ago

Please log in to add feedback.

Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a month ago
in testing
a month ago
in stable
a month ago
modified
a month ago
approved
a month ago
Builds
7
maturin-1.9.6-4.fc42
python-fastar-0.8.0-4.fc42
python-uv-build-0.10.12-1.fc42
rust-astral-tokio-tar-0.6.0-1.fc42
rust-nix-0.31.2-1.fc42
rust-tar-0.4.45-1.fc42
uv-0.10.12-1.fc42
BZ#2448054 rust-astral-tokio-tar-0.6.0 is available
0
0
BZ#2449243 uv-0.10.12 is available
0
0
BZ#2449274 rust-tar-0.4.45 is available
0
0
BZ#2449338 python-uv-build-0.10.12 is available
0
0
BZ#2449547 CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
0
0
BZ#2449549 CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42]
0
0
BZ#2449645 python-fastar-0.9.0 is available
0
0
BZ#2449681 CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
0
0
BZ#2449683 CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
0
0
BZ#2449684 CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
0
0
BZ#2449694 CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
0
0
maturin-1.9.6-4.fc42
python-fastar-0.8.0-4.fc42
python-uv-build-0.10.12-1.fc42
rust-astral-tokio-tar-0.6.0-1.fc42
rust-nix-0.31.2-1.fc42
rust-tar-0.4.45-1.fc42
uv-0.10.12-1.fc42

Automated Test Results

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 26.4.0 on bodhi-web-6f874fb45-gwh52.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy