Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
See https://www.cve.org/CVERecord?id=CVE-2026-32766. This is fixed in astral-tokio-tar 0.6.0, https://src.fedoraproject.org/rpms/rust-astral-tokio-tar/pull-request/3, which must be shipped together with uv 0.10.12 (released yesterday). I expect to be able to make updates for stable branches within the next few days, possibly as soon as today.
FEDORA-2026-d18cf572b8 (maturin-1.9.6-5.fc43, python-fastar-0.9.0-2.fc43, and 5 more) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2026-d18cf572b8
FEDORA-2026-d18cf572b8 has been pushed to the Fedora 43 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-d18cf572b8` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-d18cf572b8 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2026-d18cf572b8 (maturin-1.9.6-5.fc43, python-fastar-0.9.0-2.fc43, and 5 more) has been pushed to the Fedora 43 stable repository. If problem still persists, please make note of it in this bug report.