{"affected":[{"ecosystem_specific":{"binaries":[{"cargo-auditable":"0.7.2~0-150500.12.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS","name":"cargo-auditable","purl":"pkg:rpm/suse/cargo-auditable&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.2~0-150500.12.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cargo-auditable":"0.7.2~0-150500.12.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS","name":"cargo-auditable","purl":"pkg:rpm/suse/cargo-auditable&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.2~0-150500.12.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cargo-auditable":"0.7.2~0-150500.12.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP5-LTSS","name":"cargo-auditable","purl":"pkg:rpm/suse/cargo-auditable&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.2~0-150500.12.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cargo-auditable":"0.7.2~0-150500.12.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP6-LTSS","name":"cargo-auditable","purl":"pkg:rpm/suse/cargo-auditable&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.2~0-150500.12.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cargo-auditable":"0.7.2~0-150500.12.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP5","name":"cargo-auditable","purl":"pkg:rpm/suse/cargo-auditable&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.2~0-150500.12.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cargo-auditable":"0.7.2~0-150500.12.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP6","name":"cargo-auditable","purl":"pkg:rpm/suse/cargo-auditable&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.2~0-150500.12.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cargo-auditable":"0.7.2~0-150500.12.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"cargo-auditable","purl":"pkg:rpm/opensuse/cargo-auditable&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7.2~0-150500.12.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for cargo-auditable fixes the following issues:\n\nUpdate to version 0.7.2~0.\n\nSecurity issues fixed:\n\n- CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n  (bsc#1257906).\n\nOther updates and bugfixes:\n\n- Update to version 0.7.2~0:\n\n  * mention cargo-dist in README\n  * commit Cargo.lock\n  * bump which dev-dependency to 8.0.0\n  * bump object to 0.37\n  * Upgrade cargo_metadata to 0.23\n  * Expand the set of dist platforms in config\n\n- Update to version 0.7.1~0:\n\n  * Out out of unhelpful clippy lint\n  * Satisfy clippy\n  * Do not assume --crate-name and --out-dir are present in the rustc command, but show warnings if they aren't\n  * Run apt-get update before trying to install packages\n  * run `cargo dist init` on dist 0.30\n  * Drop allow-dirty from dist config, should no longer be needed\n  * Reorder paragraphs in README\n  * Note the maintenance transition for the go extraction library\n  * Editing pass on the adopters: scanners\n  * clarify Docker support\n  * Cargo clippy fix\n  * Add Wolfi OS and Chainguard to adopters\n  * Update mentions around Anchore tooling\n  * README and documentation updates for nightly\n  * Bump dependency version in rust-audit-info\n  * More work on docs\n  * Nicer formatting on format revision documentation\n  * Bump versions\n  * regenerate JSON schema\n  * cargo fmt\n  * Document format field\n  * Make it more clear that RawVersionInfo is private\n  * Add format field to the serialized data\n  * cargo clippy fix\n  * Add special handling for proc macros to treat them as the build dependencies they are\n  * Add a test to ensure proc macros are reported as build dependencies\n  * Add a test fixture for a crate with a proc macro dependency\n  * parse fully qualified package ID specs from SBOMs\n  * select first discovered SBOM file\n  * cargo sbom integration\n  * Get rid of unmaintained wee_alloc in test code to make people's scanners misled by GHSA chill out\n  * Don't fail plan workflow due to manually changed release.yml\n  * Bump Ubuntu version to hopefully fix release.yml workflow\n  * Add test for stripped binary\n  * Bump version to 0.6.7\n  * Populate changelog\n  * README.md: add auditable2cdx, more consistency in text\n  * Placate clippy\n  * Do not emit -Wl if a bare linker is in use\n  * Get rid of a compiler warning\n  * Add bare linker detection function\n  * drop boilerplate from test that's no longer relevant\n  * Add support for recovering rustc codegen options\n  * More lenient parsing of rustc arguments\n  * More descriptive error message in case rustc is killed abruptly\n  * change formatting to fit rustfmt\n  * More descriptive error message in case cargo is killed\n  * Update REPLACING_CARGO.md to fix #195\n  * Clarify osv-scanner support in README\n  * Include the command required to view metadata\n  * Mention wasm-tools support\n  * Switch from broken generic cache action to a Rust-specific one\n  * Fill in various fields in auditable2cdx Cargo.toml\n  * Include osv-scanner in the list, with a caveat\n  * Add link to blint repo to README\n  * Mention that blint supports our data\n  * Consolidate target definitions\n  * Account for WASM test dependencies changing, commit the Cargo.lock so they would stop doing that\n  * Migrate to a maintained toolchain action\n  * Fix author specification\n  * Add link to repository to resolverver Cargo.toml\n  * Bump resolverver to 0.1.0\n  * Add resolverver crate to the tree\n\n- Update to version 0.6.6~0:\n\n  * Note the `object` upgrade in the changelog\n  * Upgrade cyclonedx-bom from 0.5 to 0.8 in auditable-cyclonedx\n  * Upgrade object crate from 0.30 to 0.36 to reduce dependency footprint\n  * Update dependencies in the lock file\n  * Populate changelog\n  * apply clippy lint\n  * add another --emit parsing test\n  * shorter code with cargo fmt\n  * Actually fix cargo-c compatibility\n  * Attempt to fix cargo-capi incompatibility\n  * Refactoring in preparation for fixes\n  * Also read the --emit flag to rustc\n  * Fill in changelogs\n  * Bump versions\n  * Drop cfg'd out tests\n  * Drop obsolete doc line\n  * Move dependency cycle tests from auditable-serde to cargo-auditable crate\n  * Remove cargo_metadata from auditable-serde API surface.\n  * Apply clippy lint\n  * Upgrade miniz_oxide to 0.8.0\n  * Insulate our semver from miniz_oxide semver\n  * Add support for Rust 2024 edition\n  * Update tests\n  * More robust OS detection for riscv feature detection\n  * bump version\n  * update changelog for auditable-extract 0.3.5\n  * Fix wasm component auditable data extraction\n  * Update blocker description in README.md\n  * Add openSUSE to adopters\n  * Update list of know adopters\n  * Fix detection of `riscv64-linux-android` target features\n  * Silence noisy lint\n  * Bump version requirement in rust-audit-info\n  * Fill in changelogs\n  * Bump semver of auditable-info\n  * Drop obsolete comment now that wasm is enabled by default\n  * Remove dependency on cargo-lock\n  * Brag about adoption in the README\n  * Don't use LTO for cargo-dist builds to make them consistent with `cargo install` etc\n  * Also build musl binaries\n  * dist: update dist config for future releases\n  * dist(cargo-auditable): ignore auditable2cdx for now\n  * chore: add cargo-dist\n","id":"SUSE-SU-2026:0505-1","modified":"2026-02-13T14:31:50Z","published":"2026-02-13T14:31:50Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260505-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1257906"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25727"}],"related":["CVE-2026-25727"],"summary":"Security update for cargo-auditable","upstream":["CVE-2026-25727"]}