Fedora alert FEDORA-2025-575023fff7 (ruff)
From: updates--- via package-announce <package-announce@lists.fedoraproject.org>
To: package-announce@lists.fedoraproject.org
Subject: [SECURITY] Fedora 41 Update: ruff-0.11.5-2.fc41
Date: Fri, 30 May 2025 01:45:53 +0000
Message-ID: <20250530014553.4CF302031482@bastion01.iad2.fedoraproject.org>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-575023fff7
2025-05-30 01:44:07.670098+00:00
--------------------------------------------------------------------------------

Name        : ruff
Product     : Fedora 41
Version     : 0.11.5
Release     : 2.fc41
URL         : https://github.com/astral-sh/ruff
Summary     : Extremely fast Python linter and code formatter
Description :
An extremely fast Python linter and code formatter, written in Rust.

Ruff aims to be orders of magnitude faster than alternative tools while
integrating more functionality behind a single, common interface.

Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort,
pydocstyle, pyupgrade, autoflake, and more, all while executing tens or
hundreds of times faster than any individual tool.

--------------------------------------------------------------------------------
Update Information:

Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we
ensure that it uses version 0.5.15 of the crossbeam-channel crate library.

rust-hashlink 0.10.0
API incompatible change: upgrade hashbrown to 0.15
API incompatible change: we now wrap DefaultHashBuilder and DefaultHasher from
hashbrown so that in the future upgrading hashbrown is not an API incompatible
change
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  2 2025 Benjamin A. Beasley <code@musicinmybrain.net> - 0.11.5-2
- Stop patching for hashbrown/hashlink 0.14/0.9; use 0.15/0.10
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2331134 - rust-hashlink-0.10.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2331134
  [ 2 ] Bug #2366541 - CVE-2025-4574 ruff: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2366541
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-575023fff7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue