|
|
Subscribe / Log in / New account

Fedora alert FEDORA-2025-43a0bff5ea (rust-tikv-jemallocator)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 41 Update: rust-tikv-jemallocator-0.6.1-1.fc41


Date:
              Mon, 03 Nov 2025 01:02:15 +0000


Message-ID:
              <20251103010215.A63146FEE1@bastion01.rdu3.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------

Name        : rust-tikv-jemallocator
Product     : Fedora 41
Version     : 0.6.1
Release     : 1.fc41
URL         : https://crates.io/crates/tikv-jemallocator
Summary     : Rust allocator backed by jemalloc
Description :
A Rust allocator backed by jemalloc.

--------------------------------------------------------------------------------
Update Information:

uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
  contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 16 2025 Benjamin A. Beasley <code@musicinmybrain.net> - 0.6.1-1
- Update to version 0.6.1; Fixes RHBZ#2404523
* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2360699 - ruff-0.14.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2360699
  [ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2402441
  [ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2402442
  [ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2402443
  [ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2402881
  [ 6 ] Bug #2402923 - uv-0.9.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2402923
  [ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405471
  [ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header
Desynchronization [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405472
  [ 9 ] Bug #2406135 - ruff-0.14.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds