The version of the matrix-sdk-crypto crate that is vendored in the fractal package is vulnerable:

https://rustsec.org/advisories/RUSTSEC-2024-0356.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40648
https://github.com/advisories/GHSA-4qg4-cvh2-crgg

Version bundled in fractal: 0.7.0
Version with the fix: 0.7.2

Additionally, I had to download the vendor tarball and check the contents manually because the package does not correctly specify bundled dependencies in RPM metadata. I suggest using the machinery around %cargo_vendor_manifest to automate this process and keep the list of vendored Rust crates accurate.
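Editor's added example, not part of the original report or of Fedora's tooling: a small check that automates the manual step described above by reading the `Cargo.lock` shipped with a vendor tarball and flagging crates older than their fixed version. The lock file contents are constructed for illustration, and `FIXED`, `parse_lock`, `release_tuple` and `vulnerable` are hypothetical names; only the crate name and the versions 0.7.0 and 0.7.2 come from the report.

```python
import re

# Constructed sample of a Cargo.lock from a vendor tarball (not fractal's real file).
SAMPLE_LOCK = '''\
version = 3

[[package]]
name = "matrix-sdk-base"
version = "0.7.0"

[[package]]
name = "matrix-sdk-crypto"
version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "ruma"
version = "0.9.4"
'''

# Crate -> first fixed version, taken from the report above.
FIXED = {"matrix-sdk-crypto": "0.7.2"}

def parse_lock(text):
    """Return [(name, version)] for every [[package]] table in a Cargo.lock."""
    packages = []
    for block in re.split(r"^\[\[package\]\]\s*$", text, flags=re.M)[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        version = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and version:
            packages.append((name.group(1), version.group(1)))
    return packages

def release_tuple(version):
    """Numeric major.minor.patch; pre-release and build suffixes are ignored."""
    core = re.split(r"[-+]", version, maxsplit=1)[0]
    return tuple(int(part) for part in core.split("."))

def vulnerable(lock_text, fixed=FIXED):
    """Return [(name, bundled, fixed)] for crates older than their fix."""
    hits = []
    for name, version in parse_lock(lock_text):
        if name in fixed and release_tuple(version) < release_tuple(fixed[name]):
            hits.append((name, version, fixed[name]))
    return hits

if __name__ == "__main__":
    for name, have, want in vulnerable(SAMPLE_LOCK):
        print(f"{name}: bundled {have}, fixed in {want}")
```

The comparison assumes a single fixed version per crate; an advisory with several patched ranges needs one entry per affected release line.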
FEDORA-2024-e826214a67 (fractal-8-1.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-e826214a67
FEDORA-FLATPAK-2024-275ff7fa00 (fractal-flatpak-8-1) has been submitted as an update to Fedora 40 Flatpaks. https://bodhi.fedoraproject.org/updates/FEDORA-FLATPAK-2024-275ff7fa00
FEDORA-2024-fb85a33c7e (fractal-8-1.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2024-fb85a33c7e
FEDORA-2024-fb85a33c7e has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-fb85a33c7e` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-fb85a33c7e See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-e826214a67 has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-e826214a67` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-e826214a67 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-FLATPAK-2024-275ff7fa00 has been pushed to the Fedora 40 Flatpaks testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-FLATPAK-2024-275ff7fa00 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-fb85a33c7e (fractal-8-1.fc41) has been pushed to the Fedora 41 stable repository. If the problem still persists, please make note of it in this bug report.
FEDORA-2024-e826214a67 (fractal-8-1.fc40) has been pushed to the Fedora 40 stable repository. If the problem still persists, please make note of it in this bug report.
FEDORA-FLATPAK-2024-275ff7fa00 (fractal-flatpak-8-1) has been pushed to the Fedora 40 Flatpaks stable repository. If the problem still persists, please make note of it in this bug report.