Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
See https://www.cve.org/CVERecord?id=CVE-2026-32766. This is fixed in astral-tokio-tar 0.6.0, https://src.fedoraproject.org/rpms/rust-astral-tokio-tar/pull-request/3, which must be shipped together with uv 0.10.12 (released yesterday). I expect to be able to make updates for stable branches within the next few days, possibly as soon as today.
FEDORA-2026-23bb71ea52 (maturin-1.9.6-4.fc42, python-fastar-0.8.0-4.fc42, and 5 more) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2026-23bb71ea52
FEDORA-2026-23bb71ea52 has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-23bb71ea52` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-23bb71ea52 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2026-23bb71ea52 (maturin-1.9.6-4.fc42, python-fastar-0.8.0-4.fc42, and 5 more) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.