https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518.
Fixed a parser desynchronization vulnerability when reading tar archives that contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx and CVE-2025-62518.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Initial packages for a number of new dependencies for uv, and initial EPEL10 packages for a few of their dependencies.
Please log in to add feedback.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been submitted for testing by bodhi.
This update has been pushed to testing.
music edited this update.
New build(s):
Karma has been reset.
This update has been submitted for testing by music.
This update has been pushed to testing.
music edited this update.
New build(s):
Karma has been reset.
This update has been submitted for testing by music.
music edited this update.
New build(s):
Karma has been reset.
music edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been pushed to testing.
music edited this update.
New build(s):
Karma has been reset.
This update has been submitted for testing by music.
This update has been pushed to testing.
music edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been submitted for testing by music.
music edited this update.
I’m going to try to stop editing this so that it can go stable.
This update has been pushed to testing.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.