openSUSE-SU-2026:20060-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20060-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/openSUSE-SU-2026:20060-1

Upstream

CVE-2024-12224

CVE-2025-4574

CVE-2025-58160

Related

Published

2026-01-19T10:42:10Z

Modified

2026-03-12T02:08:04.642104Z

Summary

Security update for cargo-c

Details

This update for cargo-c fixes the following issues:

CVE-2025-4574: crossbeam-channel: Fixed double-free on drop in Channel::discardallmessages (bsc#1243179)
CVE-2025-58160: tracing-subscriber: Fixed log pollution (bsc#1249012)
CVE-2024-12224: idna: Fixed improper validation of Punycode labels (bsc#1243851)

Other fixes: - Fixed service file to have proper versioning - Update to version 0.10.15~git0.3e178d5: * Bump actions/download-artifact from 4 to 5 * Update implib requirement from 0.3.5 to 0.4.0 * Add rlib to the targets when building tests * Allow disabling emission of library version constants in header files * Bump to cargo 0.90 * Fix staticlibraries swallowing sequence of -framework flags * Fix non-POSIX paths in Libdir under Windows * Bump actions-rs-plus/clippy-check from 2.2.1 to 2.3.0 * Fix clippy lints * Bump cargo-0.89, object-0.37.1, cbindgen-0.29

References

Affected packages

openSUSE:Leap 16.0 / cargo-c

Package

Name: cargo-c
Purl: pkg:rpm/opensuse/cargo-c&distro=openSUSE%20Leap%2016.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.15-160000.1.1

Ecosystem specific

{
    "binaries": [
        {
            "cargo-c": "0.10.15-160000.1.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20060-1.json"