{"affected":[{"ecosystem_specific":{"binaries":[{"cargo-c":"0.10.15-160000.1.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 16.0","name":"cargo-c","purl":"pkg:rpm/suse/cargo-c&distro=SUSE%20Linux%20Enterprise%20Server%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.15-160000.1.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cargo-c":"0.10.15-160000.1.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP applications 16.0","name":"cargo-c","purl":"pkg:rpm/suse/cargo-c&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.15-160000.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for cargo-c fixes the following issues:\n\n- CVE-2025-4574: crossbeam-channel: Fixed double-free on drop in Channel::discard_all_messages (bsc#1243179)\n- CVE-2025-58160: tracing-subscriber: Fixed log pollution (bsc#1249012)\n- CVE-2024-12224: idna: Fixed improper validation of Punycode labels (bsc#1243851)\n\nOther fixes:\n- Fixed _service file to have proper versioning\n- Update to version 0.10.15~git0.3e178d5:\n  * Bump actions/download-artifact from 4 to 5\n  * Update implib requirement from 0.3.5 to 0.4.0\n  * Add rlib to the targets when building tests\n  * Allow disabling emission of library version constants in header files\n  * Bump to cargo 0.90\n  * Fix static_libraries swallowing sequence of -framework flags\n  * Fix non-POSIX paths in Libdir under Windows\n  * Bump actions-rs-plus/clippy-check from 2.2.1 to 2.3.0\n  * Fix clippy lints\n  * Bump cargo-0.89, object-0.37.1, cbindgen-0.29\n","id":"SUSE-SU-2026:20096-1","modified":"2026-01-19T10:38:15Z","published":"2026-01-19T10:38:15Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-202620096-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243179"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243851"},{"type":"REPORT","url":"https://bugzilla.suse.com/1249012"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-12224"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-4574"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58160"}],"related":["CVE-2024-12224","CVE-2025-4574","CVE-2025-58160"],"summary":"Security update for cargo-c","upstream":["CVE-2024-12224","CVE-2025-4574","CVE-2025-58160"]}