The following builds have been pushed to Fedora EPEL 10.2 updates-testing
    ascii-3.31-1.el10_2
    baresip-4.5.0-1.el10_2
    fcitx5-gtk-5.1.5-2.el10_2
    helix-25.07.1-7.el10_2
    libre-4.5.0-1.el10_2
    maturin-1.9.6-3.el10_2
    ntpd-rs-1.6.2-3.el10_2
    partclone-0.3.45-1.el10_2
    rust-ambient-id-0.0.8-1.el10_2
    rust-bat-0.24.0-13.el10_2
    rust-below-0.9.0-6.el10_2
    rust-bytes-1.11.1-1.el10_2
    rust-cargo-c-0.10.18-3.el10_2
    rust-git2-0.20.4-1.el10_2
    rust-jsonwebtoken-9.3.1-4.el10_2
    rust-libdeflate-sys-1.25.2-1.el10_2
    rust-libdeflater-1.25.2-1.el10_2
    rust-num-conv-0.2.0-1.el10_2
    rust-onefetch-2.26.1-7.el10_2
    rust-rbw-1.13.2-5.el10_2
    rust-routinator-0.14.2-4.el10_2
    rust-speakersafetyd-1.0.2-6.el10_2
    rust-time-0.3.47-1.el10_2
    rust-time-core-0.1.8-1.el10_2
    rust-time-macros-0.2.27-1.el10_2
    rust-tokei-14.0.0-4.el10_2
    rust-weezl-0.1.12-3.el10_2
    tegrarcm-1.9-1.el10_2
    uv-0.9.30-2.el10_2
    xcb-imdkit-1.0.9-6.el10_2

Details about builds:

================================================================================
ascii-3.31-1.el10_2 (FEDORA-EPEL-2026-a31108b12c)
Interactive ascii name and synonym chart
--------------------------------------------------------------------------------
Update Information:

Update from upstream.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 8 2026 Didier Fabert didier.fabert@gmail.com - 3.31-1
- Update to 3.31 version
* Fri Jan 16 2026 Fedora Release Engineering releng@fedoraproject.org - 3.30-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering releng@fedoraproject.org - 3.30-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437581 - ascii-3.31 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2437581
--------------------------------------------------------------------------------

================================================================================
baresip-4.5.0-1.el10_2 (FEDORA-EPEL-2026-c33b10af47)
Modular SIP user-agent with audio and video support
--------------------------------------------------------------------------------
Update Information:

Baresip v4.5.0 (2026-01-28)
- rtprecv: fix race condition after video-display was closed
- account: added ;check_origin parameter and API functions to get and set it
- peerconn: always call close handler on destruct
- account: misc improvements in core and test
- rtprecv: fix tmr_cancel decode data race
- audio: remove audio_txtelev_empty() -- unused
- rtprecv: check re_thread_init() return value
- test: use insecure warning (not needed for tests)
- readme,license: update for new year
- audio: remove audio_set_hold() -- unused
- test: split test/call.c
- test: add peer-connection test cases
- uag: uag_filter_calls() support unlink in listh
- mixausrc: rework
- test: use audio_txtelev_empty() to check if DTMF was sent
- test: add usage of more audio_xxx() functions in peerconn-test
- audio: optimize source mutex handling
- mixausrc sanitizer and EOS fixes
- test mixausrc
- httpd: print err instead of no reply
- test: disable DNS-client cache in test_call_sni -- ref #3620

libre v4.5.0 (2026-01-28)
- net: remove net_if_getaddr4() -- deprecated
- test: add testing of dtls_set_handlers() api
- h265: use h264_find_startcode() -- duplicated code
- fmt: str_bool: reuse similar logic in pl_bool()
- net: cleanup fallback return
- fmt/print: add backtrace for incompatible format arguments
- btrace: fix for linux addr2line
- rtp: add RTP listen on single port
- copyright: update for new year
- async: do not hold lock during cb call
- docs: fix README.md document include
- tmr: improve thread list lock handling
- aumix: add aumix_source_put_auframe and deprecate aumix_source_put
- rtp/sess: fix ts_arrive calculation
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 8 2026 Robert Scheck robert@fedoraproject.org 4.5.0-1
- Upgrade to 4.5.0 (#2433734)
* Fri Jan 16 2026 Fedora Release Engineering releng@fedoraproject.org - 4.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering releng@fedoraproject.org - 4.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433715 - libre-4.5.0 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2433715
[ 2 ] Bug #2433734 - baresip-4.5.0 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2433734
--------------------------------------------------------------------------------

================================================================================
fcitx5-gtk-5.1.5-2.el10_2 (FEDORA-EPEL-2026-453dce8c51)
Gtk im module and glib based dbus client library
--------------------------------------------------------------------------------
Update Information:

Just release what we have while waiting for dependencies
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 16 2026 Fedora Release Engineering releng@fedoraproject.org - 5.1.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Mon Dec 22 2025 Qiyu Yan yanqiyu@fedoraproject.org - 5.1.5-1
- update to upstream release 5.1.5
* Wed Jul 23 2025 Fedora Release Engineering releng@fedoraproject.org - 5.1.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jun 16 2025 Qiyu Yan yanqiyu@fedoraproject.org - 5.1.4-1
- update to upstream release 5.1.4
* Thu Jan 16 2025 Fedora Release Engineering releng@fedoraproject.org - 5.1.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Aug 28 2024 Miroslav Suchý msuchy@redhat.com - 5.1.3-3
- convert license to SPDX
* Wed Jul 17 2024 Fedora Release Engineering releng@fedoraproject.org - 5.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Apr 23 2024 Qiyu Yan yanqiyu@fedoraproject.org - 5.1.3-1
- update to upstream release 5.1.3
* Fri Mar 1 2024 Qiyu Yan yanqiyu@fedoraproject.org - 5.1.2-1
- update to upstream release 5.1.2
* Mon Jan 29 2024 Karuboniru yanqiyu@fedoraproject.org - 5.1.1-4
- fix FTBFS with GCC 14
* Wed Jan 24 2024 Fedora Release Engineering releng@fedoraproject.org - 5.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering releng@fedoraproject.org - 5.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
helix-25.07.1-7.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
A post-modern modal text editor written in Rust
--------------------------------------------------------------------------------
Update Information:

Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
- bytes: RUSTSEC-2026-0007
- git2: RUSTSEC-2026-0008
- jsonwebtoken: CVE-2026-25537
- time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 7 2026 Fabio Valentini decathorpe@gmail.com - 25.07.1-7
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Fri Jan 16 2026 Fedora Release Engineering releng@fedoraproject.org - 25.07.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------

================================================================================
libre-4.5.0-1.el10_2 (FEDORA-EPEL-2026-c33b10af47)
Generic library for real-time communications
--------------------------------------------------------------------------------
Update Information:

Baresip v4.5.0 (2026-01-28)
- rtprecv: fix race condition after video-display was closed
- account: added ;check_origin parameter and API functions to get and set it
- peerconn: always call close handler on destruct
- account: misc improvements in core and test
- rtprecv: fix tmr_cancel decode data race
- audio: remove audio_txtelev_empty() -- unused
- rtprecv: check re_thread_init() return value
- test: use insecure warning (not needed for tests)
- readme,license: update for new year
- audio: remove audio_set_hold() -- unused
- test: split test/call.c
- test: add peer-connection test cases
- uag: uag_filter_calls() support unlink in listh
- mixausrc: rework
- test: use audio_txtelev_empty() to check if DTMF was sent
- test: add usage of more audio_xxx() functions in peerconn-test
- audio: optimize source mutex handling
- mixausrc sanitizer and EOS fixes
- test mixausrc
- httpd: print err instead of no reply
- test: disable DNS-client cache in test_call_sni -- ref #3620

libre v4.5.0 (2026-01-28)
- net: remove net_if_getaddr4() -- deprecated
- test: add testing of dtls_set_handlers() api
- h265: use h264_find_startcode() -- duplicated code
- fmt: str_bool: reuse similar logic in pl_bool()
- net: cleanup fallback return
- fmt/print: add backtrace for incompatible format arguments
- btrace: fix for linux addr2line
- rtp: add RTP listen on single port
- copyright: update for new year
- async: do not hold lock during cb call
- docs: fix README.md document include
- tmr: improve thread list lock handling
- aumix: add aumix_source_put_auframe and deprecate aumix_source_put
- rtp/sess: fix ts_arrive calculation
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 6 2026 Robert Scheck robert@fedoraproject.org 4.5.0-1
- Upgrade to 4.5.0 (#2433715)
* Fri Jan 16 2026 Fedora Release Engineering releng@fedoraproject.org - 4.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2433715 - libre-4.5.0 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2433715
[ 2 ] Bug #2433734 - baresip-4.5.0 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2433734
--------------------------------------------------------------------------------

================================================================================
maturin-1.9.6-3.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Build and publish Rust crates as Python packages
--------------------------------------------------------------------------------
Update Information:

Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
- bytes: RUSTSEC-2026-0007
- git2: RUSTSEC-2026-0008
- jsonwebtoken: CVE-2026-25537
- time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 7 2026 Fabio Valentini decathorpe@gmail.com - 1.9.6-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------

================================================================================
ntpd-rs-1.6.2-3.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Full-featured implementation of NTP with NTS support
--------------------------------------------------------------------------------
Update Information:

Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
- bytes: RUSTSEC-2026-0007
- git2: RUSTSEC-2026-0008
- jsonwebtoken: CVE-2026-25537
- time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 7 2026 Fabio Valentini decathorpe@gmail.com - 1.6.2-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Fri Jan 16 2026 Fedora Release Engineering releng@fedoraproject.org - 1.6.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------

================================================================================
partclone-0.3.45-1.el10_2 (FEDORA-EPEL-2026-1e11667a9c)
Utility to clone and restore a partition
--------------------------------------------------------------------------------
Update Information:

partclone v0.3.45
- Fix make for distclean and maintainer-clean
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 5 2026 Robert Scheck robert@fedoraproject.org 0.3.45-1
- Upgrade to 0.3.45 (#2435871)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2435871 - partclone-0.3.45 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2435871
--------------------------------------------------------------------------------

================================================================================
rust-ambient-id-0.0.8-1.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Detects ambient OIDC credentials in a variety of environments
--------------------------------------------------------------------------------
Update Information:

Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
- bytes: RUSTSEC-2026-0007
- git2: RUSTSEC-2026-0008
- jsonwebtoken: CVE-2026-25537
- time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 3 2026 Benjamin A. Beasley code@musicinmybrain.net - 0.0.8-1
- Update to version 0.0.8
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 0.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------

================================================================================
rust-bat-0.24.0-13.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Cat(1) clone with wings
--------------------------------------------------------------------------------
Update Information:

Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
- bytes: RUSTSEC-2026-0007
- git2: RUSTSEC-2026-0008
- jsonwebtoken: CVE-2026-25537
- time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 7 2026 Fabio Valentini decathorpe@gmail.com - 0.24.0-13
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------

================================================================================
rust-below-0.9.0-6.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Interactive tool to view and record historical system data
--------------------------------------------------------------------------------
Update Information:

Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
- bytes: RUSTSEC-2026-0007
- git2: RUSTSEC-2026-0008
- jsonwebtoken: CVE-2026-25537
- time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 7 2026 Fabio Valentini decathorpe@gmail.com - 0.9.0-6
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 0.9.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------

================================================================================
rust-bytes-1.11.1-1.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Types and traits for working with bytes
--------------------------------------------------------------------------------
Update Information:

Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
- bytes: RUSTSEC-2026-0007
- git2: RUSTSEC-2026-0008
- jsonwebtoken: CVE-2026-25537
- time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 6 2026 Fabio Valentini decathorpe@gmail.com - 1.11.1-1
- Update to version 1.11.1; Fixes RHBZ#2436335
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 1.11.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------

================================================================================
rust-cargo-c-0.10.18-3.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Helper program to build and install c-like libraries
--------------------------------------------------------------------------------
Update Information:

Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
- bytes: RUSTSEC-2026-0007
- git2: RUSTSEC-2026-0008
- jsonwebtoken: CVE-2026-25537
- time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 7 2026 Fabio Valentini decathorpe@gmail.com - 0.10.18-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 0.10.18-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------

================================================================================
rust-git2-0.20.4-1.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Bindings to libgit2 for interoperating with git repositories
--------------------------------------------------------------------------------
Update Information:

Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
- bytes: RUSTSEC-2026-0007
- git2: RUSTSEC-2026-0008
- jsonwebtoken: CVE-2026-25537
- time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 6 2026 Fabio Valentini decathorpe@gmail.com - 0.20.4-1
- Update to version 0.20.4; Fixes RHBZ#2436014
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 0.20.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------

================================================================================
rust-jsonwebtoken-9.3.1-4.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Create and decode JWTs in a strongly typed way
--------------------------------------------------------------------------------
Update Information:

Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
- bytes: RUSTSEC-2026-0007
- git2: RUSTSEC-2026-0008
- jsonwebtoken: CVE-2026-25537
- time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 7 2026 Benjamin A. Beasley code@musicinmybrain.net - 9.3.1-4
- Backport fix for CVE-2026-25537 - Fixes RHBZ#2437470; fixes RHBZ#2437465; fixes RHBZ#2437460
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 9.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------

================================================================================
rust-libdeflate-sys-1.25.2-1.el10_2 (FEDORA-EPEL-2026-350051b552)
Bindings to libdeflate for DEFLATE
--------------------------------------------------------------------------------
Update Information:

[1.25.2] - 2026/02/08
- Added Crc::with_initial and Adler32::with_initial constructors (#52, thanks @vbe0201).

[1.25.1] - 2026/02/07
- Implemented the Sync trait for Compressor and Decompressor (#51, thanks @vbe0201).
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 8 2026 Benjamin A. Beasley code@musicinmybrain.net - 1.25.2-1
- Update to version 1.25.2; Fixes RHBZ#2437507
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 1.25.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437506 - rust-libdeflater-1.25.2 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2437506
[ 2 ] Bug #2437507 - rust-libdeflate-sys-1.25.2 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2437507
--------------------------------------------------------------------------------

================================================================================
rust-libdeflater-1.25.2-1.el10_2 (FEDORA-EPEL-2026-350051b552)
Bindings to libdeflate for DEFLATE
--------------------------------------------------------------------------------
Update Information:

[1.25.2] - 2026/02/08
- Added Crc::with_initial and Adler32::with_initial constructors (#52, thanks @vbe0201).

[1.25.1] - 2026/02/07
- Implemented the Sync trait for Compressor and Decompressor (#51, thanks @vbe0201).
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 8 2026 Benjamin A. Beasley code@musicinmybrain.net - 1.25.2-1
- Update to version 1.25.2; Fixes RHBZ#2437506
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 1.25.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437506 - rust-libdeflater-1.25.2 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2437506
[ 2 ] Bug #2437507 - rust-libdeflate-sys-1.25.2 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2437507
--------------------------------------------------------------------------------

================================================================================
rust-num-conv-0.2.0-1.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Num_conv is a crate to convert between integer types without using as casts
--------------------------------------------------------------------------------
Update Information:

Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
- bytes: RUSTSEC-2026-0007
- git2: RUSTSEC-2026-0008
- jsonwebtoken: CVE-2026-25537
- time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 6 2026 Fabio Valentini decathorpe@gmail.com - 0.2.0-1
- Update to version 0.2.0; Fixes RHBZ#2391411
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 0.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering releng@fedoraproject.org - 0.1.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering releng@fedoraproject.org - 0.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------

================================================================================
rust-onefetch-2.26.1-7.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Command-line Git information tool
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini decathorpe@gmail.com - 2.26.1-7
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 2.26.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-rbw-1.13.2-5.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Unofficial Bitwarden CLI
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini decathorpe@gmail.com - 1.13.2-5
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 1.13.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-routinator-0.14.2-4.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
RPKI relying party software
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini decathorpe@gmail.com - 0.14.2-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 0.14.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering releng@fedoraproject.org - 0.14.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-speakersafetyd-1.0.2-6.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Speaker protection daemon for embedded Linux systems
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini decathorpe@gmail.com - 1.0.2-6
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 1.0.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Tue Dec 16 2025 Fabio Valentini decathorpe@gmail.com - 1.0.2-4
- Relax alsa dependency to allow both v0.9 and v0.10
* Fri Jul 25 2025 Fedora Release Engineering releng@fedoraproject.org - 1.0.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering releng@fedoraproject.org - 1.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-time-0.3.47-1.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Date and time library
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Fabio Valentini decathorpe@gmail.com - 0.3.47-1
- Update to version 0.3.47; Fixes RHBZ#2428874
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 0.3.44-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-time-core-0.1.8-1.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Internal implementation details of the 'time' crate
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Fabio Valentini decathorpe@gmail.com - 0.1.8-1
- Update to version 0.1.8; Fixes RHBZ#2428875
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 0.1.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-time-macros-0.2.27-1.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Procedural macros for the time crate
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Fabio Valentini decathorpe@gmail.com - 0.2.27-1
- Update to version 0.2.27; Fixes RHBZ#2428876
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 0.2.24-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-tokei-14.0.0-4.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Count your code, quickly
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini decathorpe@gmail.com - 14.0.0-4
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 14.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
rust-weezl-0.1.12-3.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
Fast LZW compression and decompression
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 7 2026 Fabio Valentini decathorpe@gmail.com - 0.1.12-3
- Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 0.1.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
tegrarcm-1.9-1.el10_2 (FEDORA-EPEL-2026-f416101830)
Send code to a Tegra device in recovery mode
--------------------------------------------------------------------------------
Update Information:
Update to tegrarcm 1.9
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 8 2026 Nicolas Chauvet kwizart@gmail.com - 1.9-1
- Update to 1.9
* Tue Jan 20 2026 Fedora Release Engineering releng@fedoraproject.org - 1.8-30
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering releng@fedoraproject.org - 1.8-29
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Feb 4 2025 Nicolas Chauvet kwizart@gmail.com - 1.8-28
- Rebuilt #2 for cryptopp
* Tue Feb 4 2025 Nicolas Chauvet kwizart@gmail.com - 1.8-27
- Rebuilt for cryptopp
* Sun Jan 19 2025 Fedora Release Engineering releng@fedoraproject.org - 1.8-26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Sep 4 2024 Miroslav Suchý msuchy@redhat.com - 1.8-25
- convert license to SPDX
* Sat Jul 20 2024 Fedora Release Engineering releng@fedoraproject.org - 1.8-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
uv-0.9.30-2.el10_2 (FEDORA-EPEL-2026-dea517c7d2)
An extremely fast Python package installer and resolver, written in Rust
--------------------------------------------------------------------------------
Update Information:
Update the time crate to version 0.3.47.
Update the time-macros crate to version 0.2.27.
Update the time-core crate to version 0.1.8.
Update the num-conv crate to version 0.2.0.
Update the git2 crate to version 0.20.4.
Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:
bytes: RUSTSEC-2026-0007
git2: RUSTSEC-2026-0008
jsonwebtoken: CVE-2026-25537
time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 8 2026 Benjamin A. Beasley code@musicinmybrain.net - 0.9.30-2
- Rebuilt with jsonwebtoken patched for CVE-2026-25537
- Fixes RHBZ#2437472; fixes RHBZ#2437467; fixes RHBZ#2437461
* Thu Feb 5 2026 Benjamin A. Beasley code@musicinmybrain.net - 0.9.30-1
- Update to 0.9.30 (close RHBZ#2437002)
* Wed Feb 4 2026 Benjamin A. Beasley code@musicinmybrain.net - 0.9.29-1
- Update to 0.9.29 (close RHBZ#2436550)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2437460 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437460
[ 2 ] Bug #2437461 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437461
--------------------------------------------------------------------------------
================================================================================
xcb-imdkit-1.0.9-6.el10_2 (FEDORA-EPEL-2026-453dce8c51)
Input method development support for xcb
--------------------------------------------------------------------------------
Update Information:
Just release what we have while waiting for dependencies
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 1.0.9-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering releng@fedoraproject.org - 1.0.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering releng@fedoraproject.org - 1.0.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Sep 4 2024 Miroslav Suchý msuchy@redhat.com - 1.0.9-3
- convert license to SPDX
* Sat Jul 20 2024 Fedora Release Engineering releng@fedoraproject.org - 1.0.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jun 1 2024 Qiyu Yan yanqiyu@fedoraproject.org - 1.0.9-1
- update to upstream release 1.0.9
* Tue Apr 23 2024 Qiyu Yan yanqiyu@fedoraproject.org - 1.0.8-1
- update to upstream release 1.0.8
* Fri Mar 1 2024 Qiyu Yan yanqiyu@fedoraproject.org - 1.0.7-1
- update to upstream release 1.0.7
* Sat Jan 27 2024 Fedora Release Engineering releng@fedoraproject.org - 1.0.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------