More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2369303 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
I don’t know if this actually has the potential to impact bpfman in a realistic way or not, but the CVE is fixed in rust-idna-1.0.3, so the next successful build of bpfman can certainly close this bug. (I’m not going to do it myself as a rust-sig member because the current rawhide branch FTBFS on s390x.)
Already addressed, check https://koji.fedoraproject.org/koji/taskinfo?taskID=134311774 TL;DR we couldn't use 0.5.6 in rawhide as it is due to some missing requirements, but I bumped rust-idna version.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-fce7df98b0