Fedora Security Advisories

FEDORA-EPEL-2026-5af2dc982d Packages in this update:

• atuin-18.6.1-10.el9
• helix-25.07.1-7.el9
• rust-bat-0.24.0-12.el9
• rust-below-0.9.0-6.el9
• rust-btrd-0.5.3-12.el9
• rust-bytes-1.11.1-1.el9
• rust-cargo-c-0.10.14-2.el9
• rust-dtoa-1.0.11-2.el9
• rust-dua-cli-2.32.2-3.el9
• rust-eif_build-0.2.1-6.el9
• rust-git2-0.20.4-1.el9
• rust-nu-0.99.1-16.el9
• rust-num-conv-0.2.0-1.el9
• rust-onefetch-2.26.1-7.el9
• rust-pom-3.4.0-5.el9
• rust-pore-0.1.17-11.el9
• rust-procs-0.14.10-7.el9
• rust-prometheus-client-0.19.0-6.el9
• rust-prometheus-client-derive-encode-0.4.2-6.el9
• rust-rbw-1.13.2-5.el9
• rust-rd-agent-2.2.5-14.el9
• rust-rd-hashd-2.2.5-10.el9
• rust-resctl-bench-2.2.5-10.el9
• rust-resctl-demo-2.2.5-9.el9
• rust-routinator-0.14.2-4.el9
• rust-rustyline14-14.0.0-2.el9
• rust-rustyline-derive0.10-0.10.0-2.el9
• rust-scx_layered-0.0.6-7.el9
• rust-scx_rustland-0.0.3-7.el9
• rust-scx_rusty-0.5.4-7.el9
• rust-scx_utils-0.6.0-6.el9
• rust-sequoia-keystore-server-0.2.0-6.el9
• rust-sequoia-sq-1.3.1-10.el9
• rust-shadow-rs-0.8.1-14.el9
• rust-sigul-pesign-bridge-0.5.0-3.el9
• rust-time-0.3.47-1.el9
• rust-time-core-0.1.8-1.el9
• rust-time-macros-0.2.27-1.el9
• rust-tokei-14.0.0-4.el9
• rust-weezl-0.1.12-3.el9

Update description:

• Update the time crate to version 0.3.47.
• Update the time-macros crate to version 0.2.27.
• Update the time-core crate to version 0.1.8.
• Update the num-conv crate to version 0.2.0.
• Update the git2 crate to version 0.20.4.
• Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:

• bytes: RUSTSEC-2026-0007
• git2: RUSTSEC-2026-0008
• jsonwebtoken: CVE-2026-25537
• time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.

FEDORA-EPEL-2026-dea517c7d2 Packages in this update:

• helix-25.07.1-7.el10_2
• maturin-1.9.6-3.el10_2
• ntpd-rs-1.6.2-3.el10_2
• rust-ambient-id-0.0.8-1.el10_2
• rust-bat-0.24.0-13.el10_2
• rust-below-0.9.0-6.el10_2
• rust-bytes-1.11.1-1.el10_2
• rust-cargo-c-0.10.18-3.el10_2
• rust-git2-0.20.4-1.el10_2
• rust-jsonwebtoken-9.3.1-4.el10_2
• rust-num-conv-0.2.0-1.el10_2
• rust-onefetch-2.26.1-7.el10_2
• rust-rbw-1.13.2-5.el10_2
• rust-routinator-0.14.2-4.el10_2
• rust-speakersafetyd-1.0.2-6.el10_2
• rust-time-0.3.47-1.el10_2
• rust-time-core-0.1.8-1.el10_2
• rust-time-macros-0.2.27-1.el10_2
• rust-tokei-14.0.0-4.el10_2
• rust-weezl-0.1.12-3.el10_2
• uv-0.9.30-2.el10_2

Update description:

• Update the time crate to version 0.3.47.
• Update the time-macros crate to version 0.2.27.
• Update the time-core crate to version 0.1.8.
• Update the num-conv crate to version 0.2.0.
• Update the git2 crate to version 0.20.4.
• Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:

• bytes: RUSTSEC-2026-0007
• git2: RUSTSEC-2026-0008
• jsonwebtoken: CVE-2026-25537
• time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.

FEDORA-2026-6388b28850 Packages in this update:

• atuin-18.6.1-10.fc42
• bustle-0.12.0-4.fc42
• envision-3.2.0-7.fc42
• glycin-1.2.3-6.fc42
• greetd-0.10.3-6.fc42
• helix-25.07.1-7.fc42
• keylime-agent-rust-0.2.8-10.fc42
• maturin-1.9.6-3.fc42
• mirrorlist-server-3.0.8-3.fc42
• ntpd-rs-1.6.2-3.fc42
• rust-add-determinism-0.6.0-3.fc42
• rust-afterburn-5.10.0-3.fc42
• rust-ambient-id-0.0.8-1.fc42
• rust-app-store-connect-0.5.0-6.fc42
• rust-bat-0.25.0-9.fc42
• rust-below-0.9.0-6.fc42
• rust-btrd-0.5.3-12.fc42
• rust-busd-0.3.1-6.fc42
• rust-bytes-1.11.1-1.fc42
• rust-cargo-c-0.10.18-3.fc42
• rust-cargo-deny-0.18.9-4.fc42
• rust-coreos-installer-0.25.0-4.fc42
• rust-crypto-auditing-agent-0.2.3-6.fc42
• rust-crypto-auditing-client-0.2.3-5.fc42
• rust-crypto-auditing-event-broker-0.2.3-6.fc42
• rust-crypto-auditing-log-parser-0.2.3-3.fc42
• rust-dua-cli-2.32.2-3.fc42
• rust-eif_build-0.2.1-6.fc42
• rust-git2-0.20.4-1.fc42
• rust-git-delta-0.18.2-13.fc42
• rust-git-interactive-rebase-tool-2.4.1-15.fc42
• rust-gst-plugin-dav1d-0.13.7-2.fc42
• rust-gst-plugin-reqwest-0.13.3-4.fc42
• rust-heatseeker-1.7.3-4.fc42
• rust-ingredients-0.2.2-2.fc42
• rust-jsonwebtoken-9.3.1-4.fc42
• rust-lsd-1.2.0-3.fc42
• rust-monitord-0.12.1-6.fc42
• rust-monitord-exporter-0.4.1-8.fc42
• rust-muvm-0.4.1-5.fc42
• rust-nu-0.99.1-16.fc42
• rust-num-conv-0.2.0-1.fc42
• rust-onefetch-2.26.1-7.fc42
• rust-oo7-cli-0.3.3-5.fc42
• rust-pleaser-0.5.6-6.fc42
• rust-pore-0.1.17-11.fc42
• rust-pretty-git-prompt-0.2.2-9.fc42
• rust-procs-0.14.10-7.fc42
• rust-rbspy-0.34.1-4.fc42
• rust-rbw-1.13.2-5.fc42
• rust-rd-agent-2.2.5-14.fc42
• rust-rd-hashd-2.2.5-10.fc42
• rust-redlib-0.35.1-10.fc42
• rust-resctl-bench-2.2.5-10.fc42
• rust-resctl-demo-2.2.5-9.fc42
• rust-routinator-0.14.2-4.fc42
• rust-sccache-0.12.0-3.fc42
• rust-scx_layered-0.0.6-7.fc42
• rust-scx_rustland-0.0.3-7.fc42
• rust-scx_rusty-0.5.4-7.fc42
• rust-sequoia-chameleon-gnupg-0.13.1-9.fc42
• rust-sequoia-keystore-server-0.2.0-6.fc42
• rust-sequoia-octopus-librnp-1.11.1-5.fc42
• rust-sequoia-sq-1.3.1-10.fc42
• rust-sevctl-0.6.2-6.fc42
• rust-shadow-rs-0.8.1-14.fc42
• rust-sigul-pesign-bridge-0.5.0-3.fc42
• rust-speakersafetyd-1.0.2-6.fc42
• rust-tealdeer-1.7.2-4.fc42
• rust-time-0.3.47-2.fc42
• rust-time-core-0.1.8-1.fc42
• rust-time-macros-0.2.27-1.fc42
• rust-tokei-14.0.0-4.fc42
• rustup-1.28.2-8.fc42
• rust-weezl-0.1.12-3.fc42
• rust-wiremix-0.7.0-3.fc42
• rust-ybaas-0.0.19-6.fc42
• sad-0.4.32-4.fc42
• tbtools-0.7.0-2.fc42
• tuigreet-0.9.1-7.fc42
• uv-0.9.30-2.fc42

Update description:

• Update the time crate to version 0.3.47.
• Update the time-macros crate to version 0.2.27.
• Update the time-core crate to version 0.1.8.
• Update the num-conv crate to version 0.2.0.
• Update the git2 crate to version 0.20.4.
• Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:

• bytes: RUSTSEC-2026-0007
• git2: RUSTSEC-2026-0008
• jsonwebtoken: CVE-2026-25537
• time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.

FEDORA-2026-f400579a21 Packages in this update:

• asciinema-3.0.0-5.fc43
• atuin-18.6.1-10.fc43
• bustle-0.13.0-4.fc43
• envision-3.2.0-7.fc43
• glycin-2.0.5-4.fc43
• greetd-0.10.3-6.fc43
• helix-25.07.1-7.fc43
• keylime-agent-rust-0.2.8-10.fc43
• maturin-1.9.6-4.fc43
• mirrorlist-server-3.0.8-3.fc43
• ntpd-rs-1.6.2-3.fc43
• rust-add-determinism-0.6.0-3.fc43
• rust-afterburn-5.10.0-3.fc43
• rust-ambient-id-0.0.8-1.fc43
• rust-app-store-connect-0.5.0-6.fc43
• rust-bat-0.25.0-9.fc43
• rust-below-0.9.0-6.fc43
• rust-btrd-0.5.3-12.fc43
• rust-busd-0.3.1-6.fc43
• rust-bytes-1.11.1-1.fc43
• rust-cargo-c-0.10.18-3.fc43
• rust-cargo-deny-0.18.9-4.fc43
• rust-coreos-installer-0.25.0-4.fc43
• rust-crypto-auditing-agent-0.2.4-3.fc43
• rust-crypto-auditing-client-0.2.4-2.fc43
• rust-crypto-auditing-event-broker-0.2.4-2.fc43
• rust-crypto-auditing-log-parser-0.2.4-2.fc43
• rust-dua-cli-2.32.2-3.fc43
• rust-eif_build-0.2.1-6.fc43
• rust-git2-0.20.4-1.fc43
• rust-git-delta-0.18.2-13.fc43
• rust-git-interactive-rebase-tool-2.4.1-15.fc43
• rust-gst-plugin-dav1d-0.14.0-3.fc43
• rust-gst-plugin-reqwest-0.14.3-3.fc43
• rust-heatseeker-1.7.3-4.fc43
• rust-ingredients-0.2.2-2.fc43
• rust-jsonwebtoken-9.3.1-4.fc43
• rust-lsd-1.2.0-3.fc43
• rust-monitord-0.12.1-6.fc43
• rust-monitord-exporter-0.4.1-8.fc43
• rust-muvm-0.4.1-5.fc43
• rust-nu-0.99.1-16.fc43
• rust-num-conv-0.2.0-1.fc43
• rust-onefetch-2.26.1-7.fc43
• rust-oo7-cli-0.4.3-4.fc43
• rust-pleaser-0.5.6-6.fc43
• rust-pore-0.1.17-11.fc43
• rust-pretty-git-prompt-0.2.2-9.fc43
• rust-procs-0.14.10-7.fc43
• rust-rbspy-0.34.1-4.fc43
• rust-rbw-1.13.2-5.fc43
• rust-rd-agent-2.2.5-14.fc43
• rust-rd-hashd-2.2.5-10.fc43
• rust-redlib-0.35.1-10.fc43
• rust-resctl-bench-2.2.5-10.fc43
• rust-resctl-demo-2.2.5-9.fc43
• rust-routinator-0.14.2-4.fc43
• rust-sccache-0.13.0-3.fc43
• rust-scx_layered-0.0.6-7.fc43
• rust-scx_rustland-0.0.3-7.fc43
• rust-scx_rusty-0.5.4-7.fc43
• rust-sequoia-chameleon-gnupg-0.13.1-9.fc43
• rust-sequoia-keystore-server-0.2.0-6.fc43
• rust-sequoia-octopus-librnp-1.11.1-5.fc43
• rust-sequoia-sq-1.3.1-10.fc43
• rust-sevctl-0.6.2-6.fc43
• rust-shadow-rs-0.8.1-14.fc43
• rust-sigul-pesign-bridge-0.5.0-3.fc43
• rust-snpguest-0.9.2-4.fc43
• rust-speakersafetyd-1.0.2-6.fc43
• rust-tealdeer-1.7.2-4.fc43
• rust-time-0.3.47-2.fc43
• rust-time-core-0.1.8-1.fc43
• rust-time-macros-0.2.27-1.fc43
• rust-tokei-14.0.0-4.fc43
• rustup-1.28.2-8.fc43
• rust-weezl-0.1.12-3.fc43
• rust-wiremix-0.7.0-3.fc43
• rust-ybaas-0.0.19-6.fc43
• sad-0.4.32-4.fc43
• tbtools-0.7.0-2.fc43
• tuigreet-0.9.1-7.fc43
• uv-0.9.30-2.fc43

Update description:

• Update the time crate to version 0.3.47.
• Update the time-macros crate to version 0.2.27.
• Update the time-core crate to version 0.1.8.
• Update the num-conv crate to version 0.2.0.
• Update the git2 crate to version 0.20.4.
• Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:

• bytes: RUSTSEC-2026-0007
• git2: RUSTSEC-2026-0008
• jsonwebtoken: CVE-2026-25537
• time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.

FEDORA-2026-1b11ddff94 Packages in this update:

• asciinema-3.0.0-5.fc44
• atuin-18.6.1-10.fc44
• bustle-0.13.0-4.fc44
• envision-3.2.0-7.fc44
• glycin-2.0.5-4.fc44
• greetd-0.10.3-6.fc44
• helix-25.07.1-7.fc44
• keylime-agent-rust-0.2.8-11.fc44
• maturin-1.9.6-4.fc44
• mirrorlist-server-3.0.8-3.fc44
• ntpd-rs-1.6.2-3.fc44
• rust-add-determinism-0.7.2-4.fc44
• rust-afterburn-5.10.0-3.fc44
• rust-app-store-connect-0.5.0-6.fc44
• rust-bat-0.25.0-9.fc44
• rust-below-0.9.0-6.fc44
• rust-btrd-0.5.3-12.fc44
• rust-busd-0.3.1-6.fc44
• rust-bytes-1.11.1-1.fc44
• rust-cargo-c-0.10.18-3.fc44
• rust-cargo-deny-0.18.9-4.fc44
• rust-coreos-installer-0.25.0-4.fc44
• rust-crypto-auditing-agent-0.2.4-4.fc44
• rust-crypto-auditing-client-0.2.4-3.fc44
• rust-crypto-auditing-event-broker-0.2.4-3.fc44
• rust-crypto-auditing-log-parser-0.2.4-3.fc44
• rust-dua-cli-2.32.2-3.fc44
• rust-eif_build-0.2.1-6.fc44
• rust-git2-0.20.4-1.fc44
• rust-git-delta-0.18.2-13.fc44
• rust-git-interactive-rebase-tool-2.4.1-15.fc44
• rust-gitui-0.28.0-3.fc44
• rust-gst-plugin-dav1d-0.14.0-3.fc44
• rust-gst-plugin-reqwest-0.14.3-3.fc44
• rust-heatseeker-1.7.3-4.fc44
• rust-ingredients-0.2.2-2.fc44
• rust-jsonwebtoken-9.3.1-4.fc44
• rust-lsd-1.2.0-3.fc44
• rust-monitord-0.12.1-6.fc44
• rust-monitord-exporter-0.4.1-8.fc44
• rust-muvm-0.4.1-5.fc44
• rust-nu-0.99.1-16.fc44
• rust-num-conv-0.2.0-1.fc44
• rust-onefetch-2.26.1-7.fc44
• rust-oo7-cli-0.4.3-4.fc44
• rust-pleaser-0.5.6-6.fc44
• rust-pore-0.1.17-11.fc44
• rust-pretty-git-prompt-0.2.2-9.fc44
• rust-procs-0.14.10-7.fc44
• rust-rbspy-0.34.1-4.fc44
• rust-rbw-1.13.2-5.fc44
• rust-rd-agent-2.2.5-14.fc44
• rust-rd-hashd-2.2.5-10.fc44
• rust-redlib-0.35.1-10.fc44
• rust-resctl-bench-2.2.5-10.fc44
• rust-resctl-demo-2.2.5-9.fc44
• rust-routinator-0.14.2-4.fc44
• rust-sccache-0.13.0-3.fc44
• rust-scx_layered-0.0.6-7.fc44
• rust-scx_rustland-0.0.3-7.fc44
• rust-scx_rusty-0.5.4-7.fc44
• rust-sequoia-chameleon-gnupg-0.13.1-9.fc44
• rust-sequoia-keystore-server-0.2.0-6.fc44
• rust-sequoia-octopus-librnp-1.11.1-5.fc44
• rust-sequoia-sq-1.3.1-10.fc44
• rust-sevctl-0.6.2-6.fc44
• rust-shadow-rs-0.8.1-14.fc44
• rust-sigul-pesign-bridge-0.6.0-3.fc44
• rust-snpguest-0.9.2-4.fc44
• rust-speakersafetyd-1.0.2-6.fc44
• rust-tealdeer-1.7.2-4.fc44
• rust-time-0.3.47-2.fc44
• rust-time-core-0.1.8-1.fc44
• rust-time-macros-0.2.27-1.fc44
• rust-tokei-14.0.0-4.fc44
• rustup-1.28.2-8.fc44
• rust-weezl-0.1.12-3.fc44
• rust-wiremix-0.7.0-3.fc44
• rust-ybaas-0.0.19-6.fc44
• sad-0.4.32-4.fc44
• tbtools-0.7.0-3.fc44
• tuigreet-0.9.1-7.fc44
• uv-0.9.30-2.fc44

Update description:

• Update the time crate to version 0.3.47.
• Update the time-macros crate to version 0.2.27.
• Update the time-core crate to version 0.1.8.
• Update the num-conv crate to version 0.2.0.
• Update the git2 crate to version 0.20.4.
• Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:

• bytes: RUSTSEC-2026-0007
• git2: RUSTSEC-2026-0008
• jsonwebtoken: CVE-2026-25537
• time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.

FEDORA-2026-fd61fd216d Packages in this update:

• asciinema-3.0.0-5.fc45
• atuin-18.6.1-10.fc45
• bustle-0.13.0-4.fc45
• envision-3.2.0-7.fc45
• glycin-2.0.5-4.fc45
• greetd-0.10.3-6.fc45
• helix-25.07.1-7.fc45
• keylime-agent-rust-0.2.8-11.fc45
• maturin-1.9.6-4.fc45
• mirrorlist-server-3.0.8-3.fc45
• ntpd-rs-1.6.2-3.fc45
• rust-add-determinism-0.7.2-4.fc45
• rust-afterburn-5.10.0-3.fc45
• rust-app-store-connect-0.5.0-6.fc45
• rust-bat-0.25.0-9.fc45
• rust-below-0.9.0-6.fc45
• rust-btrd-0.5.3-12.fc45
• rust-busd-0.3.1-6.fc45
• rust-bytes-1.11.1-1.fc45
• rust-cargo-c-0.10.18-3.fc45
• rust-cargo-deny-0.18.9-4.fc45
• rust-coreos-installer-0.25.0-4.fc45
• rust-crypto-auditing-agent-0.2.4-4.fc45
• rust-crypto-auditing-client-0.2.4-3.fc45
• rust-crypto-auditing-event-broker-0.2.4-3.fc45
• rust-crypto-auditing-log-parser-0.2.4-3.fc45
• rust-dua-cli-2.32.2-3.fc45
• rust-eif_build-0.2.1-6.fc45
• rust-git2-0.20.4-1.fc45
• rust-git-delta-0.18.2-13.fc45
• rust-git-interactive-rebase-tool-2.4.1-15.fc45
• rust-gitui-0.28.0-3.fc45
• rust-gst-plugin-dav1d-0.14.0-3.fc45
• rust-gst-plugin-reqwest-0.14.3-3.fc45
• rust-heatseeker-1.7.3-4.fc45
• rust-ingredients-0.2.2-2.fc45
• rust-jsonwebtoken-9.3.1-4.fc45
• rust-lsd-1.2.0-3.fc45
• rust-monitord-0.12.1-6.fc45
• rust-monitord-exporter-0.4.1-8.fc45
• rust-muvm-0.4.1-5.fc45
• rust-nu-0.99.1-16.fc45
• rust-num-conv-0.2.0-1.fc45
• rust-onefetch-2.26.1-7.fc45
• rust-oo7-cli-0.4.3-4.fc45
• rust-pleaser-0.5.6-6.fc45
• rust-pore-0.1.17-11.fc45
• rust-pretty-git-prompt-0.2.2-9.fc45
• rust-procs-0.14.10-7.fc45
• rust-rbspy-0.34.1-4.fc45
• rust-rbw-1.13.2-5.fc45
• rust-rd-agent-2.2.5-14.fc45
• rust-rd-hashd-2.2.5-10.fc45
• rust-redlib-0.35.1-10.fc45
• rust-resctl-bench-2.2.5-10.fc45
• rust-resctl-demo-2.2.5-9.fc45
• rust-routinator-0.14.2-4.fc45
• rust-sccache-0.13.0-3.fc45
• rust-scx_layered-0.0.6-7.fc45
• rust-scx_rustland-0.0.3-7.fc45
• rust-scx_rusty-0.5.4-7.fc45
• rust-sequoia-chameleon-gnupg-0.13.1-9.fc45
• rust-sequoia-keystore-server-0.2.0-6.fc45
• rust-sequoia-octopus-librnp-1.11.1-5.fc45
• rust-sequoia-sq-1.3.1-10.fc45
• rust-sevctl-0.6.2-6.fc45
• rust-shadow-rs-0.8.1-14.fc45
• rust-sigul-pesign-bridge-0.6.0-3.fc45
• rust-snpguest-0.9.2-4.fc45
• rust-speakersafetyd-1.0.2-6.fc45
• rust-tealdeer-1.7.2-4.fc45
• rust-time-0.3.47-2.fc45
• rust-time-core-0.1.8-1.fc45
• rust-time-macros-0.2.27-1.fc45
• rust-tokei-14.0.0-4.fc45
• rustup-1.28.2-8.fc45
• rust-weezl-0.1.12-3.fc45
• rust-wiremix-0.7.0-3.fc45
• rust-ybaas-0.0.19-6.fc45
• sad-0.4.32-4.fc45
• tbtools-0.7.0-3.fc45
• tuigreet-0.9.1-7.fc45
• uv-0.9.30-2.fc45

Update description:

• Update the time crate to version 0.3.47.
• Update the time-macros crate to version 0.2.27.
• Update the time-core crate to version 0.1.8.
• Update the num-conv crate to version 0.2.0.
• Update the git2 crate to version 0.20.4.
• Update the bytes crate to version 1.11.1.

Additionally, this update contains rebuilds of applications affected by security advisories:

• bytes: RUSTSEC-2026-0007
• git2: RUSTSEC-2026-0008
• jsonwebtoken: CVE-2026-25537
• time: RUSTSEC-2026-0009

All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.

FEDORA-2026-298986b2a3 Packages in this update:

• mingw-expat-2.7.4-1.fc42

Update description:

Update to expat-2.7.4.

FEDORA-2026-37324381f3 Packages in this update:

• mingw-expat-2.7.4-1.fc43

Update description:

Update to expat-2.7.4.

FEDORA-2026-e900558e56 Packages in this update:

• chromium-144.0.7559.132-1.fc42

Update description:

Update to 144.0.7559.132

* CVE-2026-1861: Heap buffer overflow in libvpx * CVE-2026-1862: Type Confusion in V8

FEDORA-2026-db342a4417 Packages in this update:

• chromium-144.0.7559.132-1.fc43

Update description:

Update to 144.0.7559.132

* CVE-2026-1861: Heap buffer overflow in libvpx * CVE-2026-1862: Type Confusion in V8

FEDORA-EPEL-2026-5d567587ed Packages in this update:

• chromium-144.0.7559.132-1.el10_2

Update description:

Update to 144.0.7559.132

* CVE-2026-1861: Heap buffer overflow in libvpx * CVE-2026-1862: Type Confusion in V8

FEDORA-EPEL-2026-f8fd439c99 Packages in this update:

• chromium-144.0.7559.132-1.el10_1

Update description:

Update to 144.0.7559.132

* CVE-2026-1861: Heap buffer overflow in libvpx * CVE-2026-1862: Type Confusion in V8

FEDORA-EPEL-2026-6b12c1c86e Packages in this update:

• chromium-144.0.7559.132-1.el9

Update description:

Update to 144.0.7559.132

* CVE-2026-1861: Heap buffer overflow in libvpx * CVE-2026-1862: Type Confusion in V8

FEDORA-2026-0b8cc86e5b Packages in this update:

• nginx-1.28.2-1.fc42
• nginx-mod-brotli-1.0.0~rc-6.fc42
• nginx-mod-fancyindex-0.5.2-15.fc42
• nginx-mod-headers-more-0.39-6.fc42
• nginx-mod-modsecurity-1.0.4-7.fc42
• nginx-mod-naxsi-1.6-14.fc42
• nginx-mod-vts-0.2.4-6.fc42

Update description:

nginx-mod-fancyindex:

• Rebuild for 1.28.2

nginx-mod-headers-more:

• Rebuild for 1.28.2

nginx-mod-brotli:

• Rebuild for 1.28.2

nginx-mod-modsecurity:

• Rebuild for 1.28.2

nginx-mod-vts:

• Rebuild for 1.28.2

nginx-mod-naxsi:

• Rebuild for 1.28.2

nginx:

• Update to 1.28.2
• fixes CVE-2026-1642
• move log directory to nginx-filesystem subpackage (PR#20)
• delete Maxim Dounin's key, it's no longer listed on the nginx website

FEDORA-2026-cd0705c6a7 Packages in this update:

• nginx-1.28.2-1.fc43
• nginx-mod-brotli-1.0.0~rc-6.fc43
• nginx-mod-fancyindex-0.5.2-15.fc43
• nginx-mod-headers-more-0.39-6.fc43
• nginx-mod-modsecurity-1.0.4-7.fc43
• nginx-mod-naxsi-1.6-14.fc43
• nginx-mod-vts-0.2.4-6.fc43

Update description:

nginx-mod-naxsi:

• Rebuild for 1.28.2

nginx-mod-brotli:

• Rebuild for 1.28.2

nginx-mod-fancyindex:

• Rebuild for 1.28.2

nginx-mod-modsecurity:

• Rebuild for 1.28.2

nginx-mod-headers-more:

• Rebuild for 1.28.2

nginx-mod-vts:

• Rebuild for 1.28.2

nginx:

• Update to 1.28.2
• fixes CVE-2026-1642
• move log directory to nginx-filesystem subpackage (PR#20)
• delete Maxim Dounin's key, it's no longer listed on the nginx website

FEDORA-2026-ce174cdc78 Packages in this update:

• vultr-cli-3.8.0-1.fc44

Update description:

Automatic update for vultr-cli-3.8.0-1.fc44.

Changelog * Wed Feb 4 2026 Major Hayden <major@redhat.com> - 3.8.0-1 - Update to 3.8.0 - Fixes CVE-2025-11065: go-viper/mapstructure updated to v2.4.0 - Resolves: rhbz#2390882, rhbz#2399729, rhbz#2397062

FEDORA-2026-a84e0ad039 Packages in this update:

• linux-sgx-2.26-34.fc43

Update description:

Update nodejs modules used by pccs daemon for CVE-2026-23745, CVE-2026-23950, CVE-2026-24842, CVE-2025-13465, CVE-2025-15284. Remove Fedora override of default pccs daemon port. Remove redundant dep on mpa_registration from pccs. Add system scriptlets for pccs server. Port to pycryptography & pyasn1. Fix tracebacks in keyring code.

FEDORA-EPEL-2026-5e10141457 Packages in this update:

• openbao-2.5.0-1.el8

Update description:

Update to upstream openbao-2.5.0. Also fixes CVE-2025-58189, CVE-2025-61723, CVE-2025-61725, CVE-2025-58183, CVE-2025-58185, CVE-2025-58188 on epel-8.

FEDORA-2026-66cb8ecfc2 Packages in this update:

• python-aiohttp-3.13.3-4.fc43

Update description:

https://github.com/aio-libs/aiohttp/blob/v3.13.3/CHANGES.rst

FEDORA-2026-f5514402fd Packages in this update:

• python3.6-3.6.15-52.fc42

Update description:

• Security fixes for CVE-2026-0865, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299