
Fedora Linux has released a series of security updates, which include python-starlette-0.40.0-1.fc40, python-fastapi-0.111.1-7.fc40, python-platformio-6.1.14-7.fc40, python-openapi-core-0.19.4-3.fc40, dotnet6.0-6.0.135-1.fc40, yarnpkg-1.22.22-5.fc40, rust-pyo3-ffi-0.22.4-1.fc40, rust-pyo3-macros-backend-0.22.4-1.fc39, and koji-1.35.1-1.fc39:

Fedora 40 Update: python-starlette-0.40.0-1.fc40
Fedora 40 Update: python-fastapi-0.111.1-7.fc40
Fedora 40 Update: python-platformio-6.1.14-7.fc40
Fedora 40 Update: python-openapi-core-0.19.4-3.fc40
Fedora 40 Update: dotnet6.0-6.0.135-1.fc40
Fedora 40 Update: yarnpkg-1.22.22-5.fc40
Fedora 40 Update: rust-pyo3-ffi-0.22.4-1.fc40
Fedora 40 Update: rust-pyo3-0.22.4-1.fc40
Fedora 40 Update: rust-pyo3-macros-backend-0.22.4-1.fc40
Fedora 40 Update: rust-pyo3-macros-0.22.4-1.fc40
Fedora 40 Update: rust-pyo3-build-config-0.22.4-1.fc40
Fedora 39 Update: dotnet6.0-6.0.135-1.fc39
Fedora 39 Update: rust-pyo3-macros-backend-0.22.4-1.fc39
Fedora 39 Update: rust-pyo3-ffi-0.22.4-1.fc39
Fedora 39 Update: yarnpkg-1.22.22-5.fc39
Fedora 39 Update: rust-pyo3-macros-0.22.4-1.fc39
Fedora 39 Update: rust-pyo3-build-config-0.22.4-1.fc39
Fedora 39 Update: rust-pyo3-0.22.4-1.fc39
Fedora 39 Update: koji-1.35.1-1.fc39



[SECURITY] Fedora 40 Update: python-starlette-0.40.0-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f1615b58e6
2024-10-24 01:27:39.153333
--------------------------------------------------------------------------------

Name : python-starlette
Product : Fedora 40
Version : 0.40.0
Release : 1.fc40
URL : https://www.starlette.io/
Summary : The little ASGI library that shines
Description :
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building
async web services in Python.

It is production-ready, and gives you the following:

• A lightweight, low-complexity HTTP web framework.
• WebSocket support.
• In-process background tasks.
• Startup and shutdown events.
• Test client built on requests.
• CORS, GZip, Static Files, Streaming responses.
• Session and Cookie support.
• 100% test coverage.
• 100% type annotated codebase.
• Few hard dependencies.
• Compatible with asyncio and trio backends.
• Great overall performance against independent benchmarks.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-47874.
Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests.
You can view the full security advisory:
GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in
multipart/form-data requests fd038f3.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Benjamin A. Beasley - 0.40.0-1
- Update to 0.40.0 (close RHBZ#2318804)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2318804 - CVE-2024-47874 python-starlette: Starlette Denial of service (DoS) via multipart/form-data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318804
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f1615b58e6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 40 Update: python-fastapi-0.111.1-7.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f1615b58e6
2024-10-24 01:27:39.153333
--------------------------------------------------------------------------------

Name : python-fastapi
Product : Fedora 40
Version : 0.111.1
Release : 7.fc40
URL : https://github.com/fastapi/fastapi
Summary : FastAPI framework
Description :
FastAPI is a modern, fast (high-performance), web framework for building APIs
with Python 3.8+ based on standard Python type hints.

The key features are:

• Fast: Very high performance, on par with NodeJS and Go (thanks to Starlette
and Pydantic). One of the fastest Python frameworks available.

• Fast to code: Increase the speed to develop features by about 200% to
300%.*
• Fewer bugs: Reduce about 40% of human (developer) induced errors.*
• Intuitive: Great editor support. Completion everywhere. Less time
debugging.
• Easy: Designed to be easy to use and learn. Less time reading docs.
• Short: Minimize code duplication. Multiple features from each parameter
declaration. Fewer bugs.
• Robust: Get production-ready code. With automatic interactive
documentation.
• Standards-based: Based on (and fully compatible with) the open standards
for APIs: OpenAPI (previously known as Swagger) and JSON Schema.

* estimation based on tests on an internal development team, building
production applications.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-47874.
Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests.
You can view the full security advisory:
GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in
multipart/form-data requests fd038f3.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Benjamin A. Beasley - 0.111.1-7
- Allow Starlette 0.40.x (a security update)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2318804 - CVE-2024-47874 python-starlette: Starlette Denial of service (DoS) via multipart/form-data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318804
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f1615b58e6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 40 Update: python-platformio-6.1.14-7.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f1615b58e6
2024-10-24 01:27:39.153333
--------------------------------------------------------------------------------

Name : python-platformio
Product : Fedora 40
Version : 6.1.14
Release : 7.fc40
URL : https://platformio.org
Summary : Professional collaborative platform for embedded development
Description :
PlatformIO is a cross-platform, cross-architecture, multiple framework,
professional tool for embedded systems engineers and for software developers
who write applications for embedded products.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-47874.
Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests.
You can view the full security advisory:
GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in
multipart/form-data requests fd038f3.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 6.1.14-7
- Allow Starlette 0.40.x (a security update)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2318804 - CVE-2024-47874 python-starlette: Starlette Denial of service (DoS) via multipart/form-data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318804
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f1615b58e6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: python-openapi-core-0.19.4-3.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f1615b58e6
2024-10-24 01:27:39.153333
--------------------------------------------------------------------------------

Name : python-openapi-core
Product : Fedora 40
Version : 0.19.4
Release : 3.fc40
URL : https://github.com/python-openapi/openapi-core
Summary : OpenAPI client-side and server-side support
Description :
Openapi-core is a Python library that adds client-side and server-side
support for the OpenAPI v3.0 and OpenAPI v3.1 specification.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-47874.
Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests.
You can view the full security advisory:
GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in
multipart/form-data requests fd038f3.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0.19.4-3
- Allow Starlette 0.40.x (a security update)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2318804 - CVE-2024-47874 python-starlette: Starlette Denial of service (DoS) via multipart/form-data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2318804
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f1615b58e6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: dotnet6.0-6.0.135-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-87d8204201
2024-10-24 01:27:39.153283
--------------------------------------------------------------------------------

Name : dotnet6.0
Product : Fedora 40
Version : 6.0.135
Release : 1.fc40
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards, a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the October 2024 monthly update for .NET 6.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.35/6.0.135.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.35/6.0.35.md
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 11 2024 Omair Majid [omajid@redhat.com] - 6.0.135-1
- Update to .NET SDK 6.0.135 and Runtime 6.0.35
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-87d8204201' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: yarnpkg-1.22.22-5.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-66b0bdad35
2024-10-24 01:27:39.153269
--------------------------------------------------------------------------------

Name : yarnpkg
Product : Fedora 40
Version : 1.22.22
Release : 5.fc40
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.

--------------------------------------------------------------------------------
Update Information:

Update bundled ws (CVE-2024-37890)
Update bundled elliptic to fix CVE-2024-48949.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Sandro Mani [manisandro@gmail.com] - 1.22.22-5
- Update bundled ws (CVE-2024-37890)
* Thu Oct 10 2024 Sandro Mani [manisandro@gmail.com] - 1.22.22-4
- Update bundled elliptic (CVE-2024-48949)
* Sat Jul 20 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.22-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2303429 - CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303429
[ 2 ] Bug #2317790 - CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2317790
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-66b0bdad35' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-pyo3-ffi-0.22.4-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-23292e9f6d
2024-10-24 01:27:39.153261
--------------------------------------------------------------------------------

Name : rust-pyo3-ffi
Product : Fedora 40
Version : 0.22.4
Release : 1.fc40
URL : https://crates.io/crates/pyo3-ffi
Summary : Python-API bindings for the PyO3 ecosystem
Description :
Python-API bindings for the PyO3 ecosystem.

--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini [decathorpe@gmail.com] - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318285
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-23292e9f6d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-pyo3-0.22.4-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-23292e9f6d
2024-10-24 01:27:39.153261
--------------------------------------------------------------------------------

Name : rust-pyo3
Product : Fedora 40
Version : 0.22.4
Release : 1.fc40
URL : https://crates.io/crates/pyo3
Summary : Bindings to Python interpreter
Description :
Bindings to Python interpreter.

--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini [decathorpe@gmail.com] - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318282
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-23292e9f6d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-pyo3-macros-backend-0.22.4-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-23292e9f6d
2024-10-24 01:27:39.153261
--------------------------------------------------------------------------------

Name : rust-pyo3-macros-backend
Product : Fedora 40
Version : 0.22.4
Release : 1.fc40
URL : https://crates.io/crates/pyo3-macros-backend
Summary : Code generation for PyO3 package
Description :
Code generation for PyO3 package.

--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini [decathorpe@gmail.com] - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318284
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-23292e9f6d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-pyo3-macros-0.22.4-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-23292e9f6d
2024-10-24 01:27:39.153261
--------------------------------------------------------------------------------

Name : rust-pyo3-macros
Product : Fedora 40
Version : 0.22.4
Release : 1.fc40
URL : https://crates.io/crates/pyo3-macros
Summary : Proc macros for PyO3 package
Description :
Proc macros for PyO3 package.

--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini [decathorpe@gmail.com] - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318283
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-23292e9f6d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: rust-pyo3-build-config-0.22.4-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-23292e9f6d
2024-10-24 01:27:39.153261
--------------------------------------------------------------------------------

Name : rust-pyo3-build-config
Product : Fedora 40
Version : 0.22.4
Release : 1.fc40
URL : https://crates.io/crates/pyo3-build-config
Summary : Build configuration for the PyO3 ecosystem
Description :
Build configuration for the PyO3 ecosystem.

--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini [decathorpe@gmail.com] - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318281
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-23292e9f6d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: dotnet6.0-6.0.135-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-00855b1d76
2024-10-24 01:19:17.092819
--------------------------------------------------------------------------------

Name : dotnet6.0
Product : Fedora 39
Version : 6.0.135
Release : 1.fc39
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web
applications and micro-services.

.NET contains a runtime conforming to .NET Standards, a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the October 2024 monthly update for .NET 6.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.35/6.0.135.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.35/6.0.35.md
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 11 2024 Omair Majid [omajid@redhat.com] - 6.0.135-1
- Update to .NET SDK 6.0.135 and Runtime 6.0.35
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-00855b1d76' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: rust-pyo3-macros-backend-0.22.4-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-44f01d9c69
2024-10-24 01:19:17.092797
--------------------------------------------------------------------------------

Name : rust-pyo3-macros-backend
Product : Fedora 39
Version : 0.22.4
Release : 1.fc39
URL : https://crates.io/crates/pyo3-macros-backend
Summary : Code generation for PyO3 package
Description :
Code generation for PyO3 package.

--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini [decathorpe@gmail.com] - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318284
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-44f01d9c69' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: rust-pyo3-ffi-0.22.4-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-44f01d9c69
2024-10-24 01:19:17.092797
--------------------------------------------------------------------------------

Name : rust-pyo3-ffi
Product : Fedora 39
Version : 0.22.4
Release : 1.fc39
URL : https://crates.io/crates/pyo3-ffi
Summary : Python-API bindings for the PyO3 ecosystem
Description :
Python-API bindings for the PyO3 ecosystem.

--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini [decathorpe@gmail.com] - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318285
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-44f01d9c69' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: yarnpkg-1.22.22-5.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d79685d847
2024-10-24 01:19:17.092805
--------------------------------------------------------------------------------

Name : yarnpkg
Product : Fedora 39
Version : 1.22.22
Release : 5.fc39
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.

--------------------------------------------------------------------------------
Update Information:

Update bundled ws (CVE-2024-37890)
Update bundled dependencies to fix CVE-2024-48949.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Sandro Mani [manisandro@gmail.com] - 1.22.22-5
- Update bundled ws (CVE-2024-37890)
* Thu Oct 10 2024 Sandro Mani [manisandro@gmail.com] - 1.22.22-4
- Update bundled elliptic (CVE-2024-48949)
* Sat Jul 20 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.22-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jul 4 2024 Sandro Mani [manisandro@gmail.com] - 1.22.22-2
- Backport patch for CVE-2024-4067
* Sat Mar 9 2024 Sandro Mani [manisandro@gmail.com] - 1.22.22-1
- Update to 1.22.22
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2303429 - CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303429
[ 2 ] Bug #2317789 - CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2317789
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d79685d847' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: rust-pyo3-macros-0.22.4-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-44f01d9c69
2024-10-24 01:19:17.092797
--------------------------------------------------------------------------------

Name : rust-pyo3-macros
Product : Fedora 39
Version : 0.22.4
Release : 1.fc39
URL : https://crates.io/crates/pyo3-macros
Summary : Proc macros for PyO3 package
Description :
Proc macros for PyO3 package.

--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini [decathorpe@gmail.com] - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318283
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-44f01d9c69' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: rust-pyo3-build-config-0.22.4-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-44f01d9c69
2024-10-24 01:19:17.092797
--------------------------------------------------------------------------------

Name : rust-pyo3-build-config
Product : Fedora 39
Version : 0.22.4
Release : 1.fc39
URL : https://crates.io/crates/pyo3-build-config
Summary : Build configuration for the PyO3 ecosystem
Description :
Build configuration for the PyO3 ecosystem.

--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini [decathorpe@gmail.com] - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318281
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-44f01d9c69' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: rust-pyo3-0.22.4-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-44f01d9c69
2024-10-24 01:19:17.092797
--------------------------------------------------------------------------------

Name : rust-pyo3
Product : Fedora 39
Version : 0.22.4
Release : 1.fc39
URL : https://crates.io/crates/pyo3
Summary : Bindings to Python interpreter
Description :
Bindings to Python interpreter.

--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini [decathorpe@gmail.com] - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318282
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-44f01d9c69' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 39 Update: koji-1.35.1-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ef4911442d
2024-10-24 01:19:17.092761
--------------------------------------------------------------------------------

Name : koji
Product : Fedora 39
Version : 1.35.1
Release : 1.fc39
URL : https://pagure.io/koji/
Summary : Build system tools
Description :
Koji is a system for building and tracking RPMS. The base package
contains shared libraries and the command-line interface.

--------------------------------------------------------------------------------
Update Information:

Update to 1.35.1. Includes a fix for CVE-2024-9427.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 8 2024 Kevin Fenzi [kevin@scrye.com] - 1.35.1-1
- Update to 1.35.1. Fixes rhbz#2316304
- Fixes CVE-2024-9427
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2316304 - CVE-2024-9427 koji: Escape HTML tag characters in the query string [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2316304
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ef4911442d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--