Aggregator

buildah-1.43.1-1.fc43 podman-5.8.2-1.fc43 skopeo-1.22.2-1.fc43

Fedora Security Advisories
1 week 5 days ago
FEDORA-2026-75c2b7868a Packages in this update:
  • buildah-1.43.1-1.fc43
  • podman-5.8.2-1.fc43
  • skopeo-1.22.2-1.fc43
Update description:

Automatic update for skopeo-1.22.2-1.fc43, podman-5.8.2-1.fc43, buildah-1.43.1-1.fc43.

Changelog for skopeo * Tue Apr 14 2026 Packit <hello@packit.dev> - 1:1.22.2-1 - Update to 1.22.2 upstream release * Fri Apr 10 2026 Lokesh Mandvekar <lsm5@redhat.com> - 1:1.22.1-2 - TMT: fix ref in plan * Thu Apr 09 2026 Packit <hello@packit.dev> - 1:1.22.1-1 - Update to 1.22.1 upstream release Changelog for podman * Tue Apr 14 2026 Packit <hello@packit.dev> - 5:5.8.2-1 - Update to 5.8.2 upstream release Changelog for buildah * Wed Apr 08 2026 Packit <hello@packit.dev> - 2:1.43.1-1 - Update to 1.43.1 upstream release

Security fix for CVE-2026-34986

buildah-1.43.1-1.fc44 podman-5.8.2-1.fc44 skopeo-1.22.2-1.fc44

Fedora Security Advisories
1 week 5 days ago
FEDORA-2026-605559bfe2 Packages in this update:
  • buildah-1.43.1-1.fc44
  • podman-5.8.2-1.fc44
  • skopeo-1.22.2-1.fc44
Update description:

Automatic update for buildah-1.43.1-1.fc44, podman-5.8.2-1.fc44, skopeo-1.22.2-1.fc44.

Changelog for buildah * Wed Apr 08 2026 Packit <hello@packit.dev> - 2:1.43.1-1 - Update to 1.43.1 upstream release Changelog for podman * Tue Apr 14 2026 Packit <hello@packit.dev> - 5:5.8.2-1 - Update to 5.8.2 upstream release Changelog for skopeo * Tue Apr 14 2026 Packit <hello@packit.dev> - 1:1.22.2-1 - Update to 1.22.2 upstream release * Fri Apr 10 2026 Lokesh Mandvekar <lsm5@redhat.com> - 1:1.22.1-2 - TMT: fix ref in plan * Thu Apr 09 2026 Packit <hello@packit.dev> - 1:1.22.1-1 - Update to 1.22.1 upstream release

Security fix for CVE-2026-34986

USN-8168-2: Rust vulnerability

Ubuntu Security Advisories
1 week 5 days ago
USN-8168-1 fixed a vulnerability in Rust. This update provides the corresponding update to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, and possibly escalate privileges.

pie-1.4.1-1.fc42

Fedora Security Advisories
1 week 6 days ago
FEDORA-2026-3b2063832d Packages in this update:
  • pie-1.4.1-1.fc42
Update description:

Version 1.4.1

  • Update bundled Composer to 2.9.7
Version 1.4.0

New features!

  • Prompt to install missing system dependencies
  • Prompt to install build toolchain
  • Support pre-packaged-binary for download-url-method
  • Support INSTALL_ROOT environment variable to override destination

For more information, see Upstream annoucenement

pie-1.4.1-1.el10_3

Fedora Security Advisories
1 week 6 days ago
FEDORA-EPEL-2026-7812671be8 Packages in this update:
  • pie-1.4.1-1.el10_3
Update description:

Version 1.4.1

  • Update bundled Composer to 2.9.7
Version 1.4.0

New features!

  • Prompt to install missing system dependencies
  • Prompt to install build toolchain
  • Support pre-packaged-binary for download-url-method
  • Support INSTALL_ROOT environment variable to override destination

For more information, see Upstream annoucenement

pie-1.4.1-1.el10_1

Fedora Security Advisories
1 week 6 days ago
FEDORA-EPEL-2026-f0077847e2 Packages in this update:
  • pie-1.4.1-1.el10_1
Update description:

Version 1.4.1

  • Update bundled Composer to 2.9.7
Version 1.4.0

New features!

  • Prompt to install missing system dependencies
  • Prompt to install build toolchain
  • Support pre-packaged-binary for download-url-method
  • Support INSTALL_ROOT environment variable to override destination

For more information, see Upstream annoucenement

pie-1.4.1-1.el10_2

Fedora Security Advisories
1 week 6 days ago
FEDORA-EPEL-2026-128f171ef6 Packages in this update:
  • pie-1.4.1-1.el10_2
Update description:

Version 1.4.1

  • Update bundled Composer to 2.9.7
Version 1.4.0

New features!

  • Prompt to install missing system dependencies
  • Prompt to install build toolchain
  • Support pre-packaged-binary for download-url-method
  • Support INSTALL_ROOT environment variable to override destination

For more information, see Upstream annoucenement

pie-1.4.1-1.fc44

Fedora Security Advisories
1 week 6 days ago
FEDORA-2026-7acc0ad1fc Packages in this update:
  • pie-1.4.1-1.fc44
Update description:

Version 1.4.1

  • Update bundled Composer to 2.9.7
Version 1.4.0

New features!

  • Prompt to install missing system dependencies
  • Prompt to install build toolchain
  • Support pre-packaged-binary for download-url-method
  • Support INSTALL_ROOT environment variable to override destination

For more information, see Upstream annoucenement

pie-1.4.1-1.fc43

Fedora Security Advisories
1 week 6 days ago
FEDORA-2026-3f4283f831 Packages in this update:
  • pie-1.4.1-1.fc43
Update description:

Version 1.4.1

  • Update bundled Composer to 2.9.7
Version 1.4.0

New features!

  • Prompt to install missing system dependencies
  • Prompt to install build toolchain
  • Support pre-packaged-binary for download-url-method
  • Support INSTALL_ROOT environment variable to override destination

For more information, see Upstream annoucenement

curl-8.11.1-8.fc42

Fedora Security Advisories
1 week 6 days ago
FEDORA-2026-907bbf2a13 Packages in this update:
  • curl-8.11.1-8.fc42
Update description:
  • fix bad reuse of HTTP Negotiate connection (CVE-2026-1965)
  • fix token leak with redirect and netrc (CVE-2026-3783)
  • fix wrong proxy connection reuse with credentials (CVE-2026-3784)
  • fix use after free in SMB connection reuse (CVE-2026-3805)

composer-2.9.7-1.el10_3

Fedora Security Advisories
1 week 6 days ago
FEDORA-EPEL-2026-de8ec2aa2e Packages in this update:
  • composer-2.9.7-1.el10_3
Update description: Version 2.9.7 - 2026-04-14
  • Fixes regression calling custom script command aliases that are called a substring of a composer command (#12802)
Version 2.9.6 - 2026-04-14
  • Security: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)
  • Security: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)
  • Security: Fixed git credentials remaining in git mirror .git/config after clone or update failed (2bcbfc3d)
  • Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing (5e71d77e)
  • Security: Fixed Perforce unescaped user input in queryP4User shell command (ef3fc088)
  • Security: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with - do not cause issues (6621d45, d836b90, 5e08c764)
  • Fixed inconsistent treatment of SingleCommandApplication script commands wrt autoloading (#12758)
  • Fixed GitHub API authentication errors not being visible to the user (#12737)
  • Fixed some platform package parsing failing when Composer runs in web SAPIs (#12735)
  • Fixed error reporting for clarity when a constraint cannot be parsed (#12743)

composer-2.9.7-1.el9

Fedora Security Advisories
1 week 6 days ago
FEDORA-EPEL-2026-a47812ee6c Packages in this update:
  • composer-2.9.7-1.el9
Update description: Version 2.9.7 - 2026-04-14
  • Fixes regression calling custom script command aliases that are called a substring of a composer command (#12802)
Version 2.9.6 - 2026-04-14
  • Security: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)
  • Security: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)
  • Security: Fixed git credentials remaining in git mirror .git/config after clone or update failed (2bcbfc3d)
  • Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing (5e71d77e)
  • Security: Fixed Perforce unescaped user input in queryP4User shell command (ef3fc088)
  • Security: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with - do not cause issues (6621d45, d836b90, 5e08c764)
  • Fixed inconsistent treatment of SingleCommandApplication script commands wrt autoloading (#12758)
  • Fixed GitHub API authentication errors not being visible to the user (#12737)
  • Fixed some platform package parsing failing when Composer runs in web SAPIs (#12735)
  • Fixed error reporting for clarity when a constraint cannot be parsed (#12743)

composer-2.9.7-1.fc44

Fedora Security Advisories
1 week 6 days ago
FEDORA-2026-1140c02041 Packages in this update:
  • composer-2.9.7-1.fc44
Update description: Version 2.9.7 - 2026-04-14
  • Fixes regression calling custom script command aliases that are called a substring of a composer command (#12802)
Version 2.9.6 - 2026-04-14
  • Security: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)
  • Security: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)
  • Security: Fixed git credentials remaining in git mirror .git/config after clone or update failed (2bcbfc3d)
  • Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing (5e71d77e)
  • Security: Fixed Perforce unescaped user input in queryP4User shell command (ef3fc088)
  • Security: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with - do not cause issues (6621d45, d836b90, 5e08c764)
  • Fixed inconsistent treatment of SingleCommandApplication script commands wrt autoloading (#12758)
  • Fixed GitHub API authentication errors not being visible to the user (#12737)
  • Fixed some platform package parsing failing when Composer runs in web SAPIs (#12735)
  • Fixed error reporting for clarity when a constraint cannot be parsed (#12743)

composer-2.9.7-1.el10_2

Fedora Security Advisories
1 week 6 days ago
FEDORA-EPEL-2026-7babf884c7 Packages in this update:
  • composer-2.9.7-1.el10_2
Update description: Version 2.9.7 - 2026-04-14
  • Fixes regression calling custom script command aliases that are called a substring of a composer command (#12802)
Version 2.9.6 - 2026-04-14
  • Security: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)
  • Security: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)
  • Security: Fixed git credentials remaining in git mirror .git/config after clone or update failed (2bcbfc3d)
  • Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing (5e71d77e)
  • Security: Fixed Perforce unescaped user input in queryP4User shell command (ef3fc088)
  • Security: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with - do not cause issues (6621d45, d836b90, 5e08c764)
  • Fixed inconsistent treatment of SingleCommandApplication script commands wrt autoloading (#12758)
  • Fixed GitHub API authentication errors not being visible to the user (#12737)
  • Fixed some platform package parsing failing when Composer runs in web SAPIs (#12735)
  • Fixed error reporting for clarity when a constraint cannot be parsed (#12743)

composer-2.9.7-1.fc42

Fedora Security Advisories
1 week 6 days ago
FEDORA-2026-d91f313a63 Packages in this update:
  • composer-2.9.7-1.fc42
Update description: Version 2.9.7 - 2026-04-14
  • Fixes regression calling custom script command aliases that are called a substring of a composer command (#12802)
Version 2.9.6 - 2026-04-14
  • Security: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)
  • Security: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)
  • Security: Fixed git credentials remaining in git mirror .git/config after clone or update failed (2bcbfc3d)
  • Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing (5e71d77e)
  • Security: Fixed Perforce unescaped user input in queryP4User shell command (ef3fc088)
  • Security: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with - do not cause issues (6621d45, d836b90, 5e08c764)
  • Fixed inconsistent treatment of SingleCommandApplication script commands wrt autoloading (#12758)
  • Fixed GitHub API authentication errors not being visible to the user (#12737)
  • Fixed some platform package parsing failing when Composer runs in web SAPIs (#12735)
  • Fixed error reporting for clarity when a constraint cannot be parsed (#12743)

composer-2.9.7-1.fc43

Fedora Security Advisories
1 week 6 days ago
FEDORA-2026-02c1f66b6a Packages in this update:
  • composer-2.9.7-1.fc43
Update description: Version 2.9.7 - 2026-04-14
  • Fixes regression calling custom script command aliases that are called a substring of a composer command (#12802)
Version 2.9.6 - 2026-04-14
  • Security: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)
  • Security: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)
  • Security: Fixed git credentials remaining in git mirror .git/config after clone or update failed (2bcbfc3d)
  • Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing (5e71d77e)
  • Security: Fixed Perforce unescaped user input in queryP4User shell command (ef3fc088)
  • Security: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with - do not cause issues (6621d45, d836b90, 5e08c764)
  • Fixed inconsistent treatment of SingleCommandApplication script commands wrt autoloading (#12758)
  • Fixed GitHub API authentication errors not being visible to the user (#12737)
  • Fixed some platform package parsing failing when Composer runs in web SAPIs (#12735)
  • Fixed error reporting for clarity when a constraint cannot be parsed (#12743)

composer-2.9.7-1.el10_1

Fedora Security Advisories
1 week 6 days ago
FEDORA-EPEL-2026-e7a666ddb5 Packages in this update:
  • composer-2.9.7-1.el10_1
Update description: Version 2.9.7 - 2026-04-14
  • Fixes regression calling custom script command aliases that are called a substring of a composer command (#12802)
Version 2.9.6 - 2026-04-14
  • Security: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)
  • Security: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)
  • Security: Fixed git credentials remaining in git mirror .git/config after clone or update failed (2bcbfc3d)
  • Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing (5e71d77e)
  • Security: Fixed Perforce unescaped user input in queryP4User shell command (ef3fc088)
  • Security: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with - do not cause issues (6621d45, d836b90, 5e08c764)
  • Fixed inconsistent treatment of SingleCommandApplication script commands wrt autoloading (#12758)
  • Fixed GitHub API authentication errors not being visible to the user (#12737)
  • Fixed some platform package parsing failing when Composer runs in web SAPIs (#12735)
  • Fixed error reporting for clarity when a constraint cannot be parsed (#12743)