|
|
Log in / Subscribe / Register

Fedora alert FEDORA-2026-23bb71ea52 (python-fastar)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 42 Update: python-fastar-0.8.0-4.fc42


Date:
              Sun, 29 Mar 2026 01:08:49 +0000


Message-ID:
              <20260329010849.6E9D96D004@bastion01.rdu3.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-23bb71ea52
2026-03-29 01:07:01.422539+00:00
--------------------------------------------------------------------------------

Name        : python-fastar
Product     : Fedora 42
Version     : 0.8.0
Release     : 4.fc42
URL         : https://github.com/DoctorJohn/fastar
Summary     : High-level bindings for the Rust tar crate
Description :
The fastar library wraps the Rust tar, flate2, and zstd crates, providing a
high-performance way to work with compressed and uncompressed tar archives in
Python.

--------------------------------------------------------------------------------
Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to
0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python-
uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and
rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust-
tar. Rebuild maturin with the latest rust-tar.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 21 2026 Benjamin A. Beasley <code@musicinmybrain.net> - 0.8.0-4
- Rebuilt with rust-tar 0.4.45 for CVE-2026-33056
* Fri Mar 20 2026 Benjamin A. Beasley <code@musicinmybrain.net> - 0.8.0-3
- Allow PyO3 0.28
* Sat Jan 17 2026 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2448054
  [ 2 ] Bug #2449243 - uv-0.10.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2449243
  [ 3 ] Bug #2449274 - rust-tar-0.4.45 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2449274
  [ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2449338
  [ 5 ] Bug #2449547 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive
misinterpretation via malformed PAX extensions [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2449547
  [ 6 ] Bug #2449549 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via
malformed PAX extensions [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2449549
  [ 7 ] Bug #2449645 - python-fastar-0.9.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2449645
  [ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification
via crafted tar archive [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2449681
  [ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission
modification via crafted tar archive [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2449683
  [ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission
modification via crafted tar archive [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2449684
  [ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via
crafted tar archive [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2449694
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-23bb71ea52' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds