Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
More information is available at https://www.cve.org/CVERecord?id=CVE-2026-33056. This flaw is fixed in version 0.4.45 of the tar crate. Updates for rust-tar-0.4.45 are in testing for all Fedora and EPEL branches, and buildroot overrides are active. Since rust-sig is a co-maintainer on this package, I plan to rebuild it and issue updates for all branches.
(Note: EPEL8 and EPEL9 have versions of stgit that are not written in Rust, so I won’t touch those.)
FEDORA-2026-49156d1598 (stgit-2.5.5-5.fc45) has been submitted as an update to Fedora 45. https://bodhi.fedoraproject.org/updates/FEDORA-2026-49156d1598
FEDORA-2026-49156d1598 (stgit-2.5.5-5.fc45) has been pushed to the Fedora 45 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2026-25285d56e4 (stgit-2.5.5-5.fc44) has been submitted as an update to Fedora 44. https://bodhi.fedoraproject.org/updates/FEDORA-2026-25285d56e4
FEDORA-2026-d6b7d7e177 (stgit-2.5.5-5.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2026-d6b7d7e177
FEDORA-2026-9e26f48b50 (stgit-2.5.5-5.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2026-9e26f48b50
FEDORA-2026-d6b7d7e177 has been pushed to the Fedora 43 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-d6b7d7e177` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-d6b7d7e177 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2026-25285d56e4 has been pushed to the Fedora 44 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-25285d56e4` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-25285d56e4 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2026-9e26f48b50 has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-9e26f48b50` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-9e26f48b50 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2026-25285d56e4 (stgit-2.5.5-5.fc44) has been pushed to the Fedora 44 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2026-d6b7d7e177 (stgit-2.5.5-5.fc43) has been pushed to the Fedora 43 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2026-9e26f48b50 (stgit-2.5.5-5.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.