pypy-7.3.22-2.fc43
FEDORA-2026-3505a95524
Packages in this update:
- pypy-7.3.22-2.fc43
Security fix for CVE-2026-3219 in the bundled pip wheel
Fedora Security Advisories
pypy-7.3.22-2.fc44
FEDORA-2026-130f7539d3
Packages in this update:
- pypy-7.3.22-2.fc44
Security fix for CVE-2026-3219 in the bundled pip wheel
libgit2_1.8-1.8.5-1.fc43
FEDORA-2026-7b1d032de7
Packages in this update:
- libgit2_1.8-1.8.5-1.fc43
Update to version 1.8.5.
Release notes: https://github.com/libgit2/libgit2/releases/tag/v1.8.5
libgit2_1.8-1.8.5-1.fc44
FEDORA-2026-a4d5162b52
Packages in this update:
- libgit2_1.8-1.8.5-1.fc44
Update to version 1.8.5.
Release notes: https://github.com/libgit2/libgit2/releases/tag/v1.8.5
libgit2_1.8-1.8.5-1.fc42
FEDORA-2026-bb6bb5d1e4
Packages in this update:
- libgit2_1.8-1.8.5-1.fc42
Update to version 1.8.5.
Release notes: https://github.com/libgit2/libgit2/releases/tag/v1.8.5
yelp-49.1-1.fc44
FEDORA-2026-ed4f450fa9
Packages in this update:
- yelp-49.1-1.fc44
Yelp 49.1, fixing: Flatpak applications are able to exfiltrate host files due to yelp's CSP being too permissive
yelp-49.1-1.fc43
FEDORA-2026-7c3b91a2bc
Packages in this update:
- yelp-49.1-1.fc43
Yelp 49.1, fixing: Flatpak applications are able to exfiltrate host files due to yelp's CSP being too permissive
kernel-7.0.4-200.fc44
FEDORA-2026-8cffa03dad
Packages in this update:
- kernel-7.0.4-200.fc44
The 7.0.4 stable kernel rebase contains additional hardware support, new features, and a number of important fixes across the tree. It also contains a fix for the dirtyfrag vulnerability. This covers CVE-2026-43284 and CVE-2026-43500. For users who experience a problem with the 7.0.4 rebase, a build of 6.19.14 with just the dirtyfrag fixes should be available in koji shortly.
kernel-7.0.4-100.fc43
FEDORA-2026-abc00fb4e8
Packages in this update:
- kernel-7.0.4-100.fc43
The 7.0.4 stable kernel rebase contains additional hardware support, new features, and a number of important fixes across the tree. It also contains a fix for the dirtyfrag vulnerability. This covers CVE-2026-43284 and CVE-2026-43500. For users who experience a problem with the 7.0.4 rebase, a build of 6.19.14 with just the dirtyfrag fixes should be available in koji shortly.
pypy-7.3.22-2.fc45
FEDORA-2026-b58cd376d6
Packages in this update:
- pypy-7.3.22-2.fc45
Automatic update for pypy-7.3.22-2.fc45.
Changelog * Tue May 5 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.22-2 - Security fix for CVE-2026-3219 in the bundled pip wheel - Fixes: rhbz#2461288 * Tue May 5 2026 Charalampos Stratakis <cstratak@redhat.com> - 7.3.22-1 - Update to 7.3.22 - Fixes: rhbz#2463475kernel-6.19.14-101.fc42
FEDORA-2026-87dc12705e
Packages in this update:
- kernel-6.19.14-101.fc42
The 6.19.14-101 stable update contains a fix for the dirtyfrag vulnerability. This covers CVE-2026-43284 and CVE-2026-43500
python-pulp-glue-0.37.0-5.fc43 python-requests-2.33.1-1.fc43
FEDORA-2026-8ad863685a
Packages in this update:
- python-pulp-glue-0.37.0-5.fc43
- python-requests-2.33.1-1.fc43
Bugfixes - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. - Fixed Content-Type header parsing for malformed values. - Improved error consistency for malformed header values.
2.33.0 (2026-03-25)Announcements - 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣
Security - CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.
Improvements - Migrated to a PEP 517 build system using setuptools.
Bugfixes - Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+.
Deprecations - Dropped support for Python 3.9 following its end of support.
Documentation - Various typo fixes and doc improvements.
python-pulp-glue-0.37.0-5.fc44 python-requests-2.33.1-1.fc44
FEDORA-2026-44919b3d9f
Packages in this update:
- python-pulp-glue-0.37.0-5.fc44
- python-requests-2.33.1-1.fc44
Bugfixes - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. - Fixed Content-Type header parsing for malformed values. - Improved error consistency for malformed header values.
2.33.0 (2026-03-25)Announcements - 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣
Security - CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.
Improvements - Migrated to a PEP 517 build system using setuptools.
Bugfixes - Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+.
Deprecations - Dropped support for Python 3.9 following its end of support.
Documentation - Various typo fixes and doc improvements.
python-jupytext-1.19.1-4.fc42
FEDORA-2026-793b55138d
Packages in this update:
- python-jupytext-1.19.1-4.fc42
This update contains upgrades to various npm packages used during the build to address CVEs, namely:
- CVE-2025-69873 (ajv)
- CVE-2026-0540 (DOMPurify)
- CVE-2026-3449 (@tootallnate/once)
- CVE-2026-4800 (lodash)
- CVE-2026-6321 (fast-uri)
- CVE-2026-41240 (DOMPurify)
This is probably unimportant since these packages are used at build-time only. They are not shipped with python3-jupytext and therefore do not affect runtime.
python-jupytext-1.19.1-4.fc43
FEDORA-2026-85b819b928
Packages in this update:
- python-jupytext-1.19.1-4.fc43
This update contains upgrades to various npm packages used during the build to address CVEs, namely:
- CVE-2025-69873 (ajv)
- CVE-2026-0540 (DOMPurify)
- CVE-2026-3449 (@tootallnate/once)
- CVE-2026-4800 (lodash)
- CVE-2026-6321 (fast-uri)
- CVE-2026-41240 (DOMPurify)
This is probably unimportant since these packages are used at build-time only. They are not shipped with python3-jupytext and therefore do not affect runtime.
python-jupytext-1.19.1-4.fc44
FEDORA-2026-301cbbe347
Packages in this update:
- python-jupytext-1.19.1-4.fc44
This update contains upgrades to various npm packages used during the build to address CVEs, namely:
- CVE-2025-69873 (ajv)
- CVE-2026-0540 (DOMPurify)
- CVE-2026-3449 (@tootallnate/once)
- CVE-2026-4800 (lodash)
- CVE-2026-6321 (fast-uri)
- CVE-2026-41240 (DOMPurify)
This is probably unimportant since these packages are used at build-time only. They are not shipped with python3-jupytext and therefore do not affect runtime.
GitPython-3.1.50-1.el9
FEDORA-EPEL-2026-d67d81b1fd
Packages in this update:
- GitPython-3.1.50-1.el9
Update to 3.1.50; fixes CVE-2026-42215 / GHSA-mv93-w799-cj2w.
Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, GHSA-7545-fcxq-7j24, and GHSA-v87r-6q3f-2j67.
GitPython-3.1.50-1.el10_1
FEDORA-EPEL-2026-99bca16ce8
Packages in this update:
- GitPython-3.1.50-1.el10_1
Update to 3.1.50; fixes CVE-2026-42215 / GHSA-mv93-w799-cj2w.
Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, GHSA-7545-fcxq-7j24, and GHSA-v87r-6q3f-2j67.
GitPython-3.1.50-1.el10_2
FEDORA-EPEL-2026-9c33ae0785
Packages in this update:
- GitPython-3.1.50-1.el10_2
Update to 3.1.50; fixes CVE-2026-42215 / GHSA-mv93-w799-cj2w.
Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, GHSA-7545-fcxq-7j24, and GHSA-v87r-6q3f-2j67.
GitPython-3.1.50-1.el10_3
FEDORA-EPEL-2026-ee98895c61
Packages in this update:
- GitPython-3.1.50-1.el10_3
Update to 3.1.50; fixes CVE-2026-42215 / GHSA-mv93-w799-cj2w.
Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, GHSA-7545-fcxq-7j24, and GHSA-v87r-6q3f-2j67.