Debian Rust-Crossbeam-Channel vulnerabilities

CVE-2025-4574 [MEDIUM] CVE-2025-4574: rust-crossbeam-channel - In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has... In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 0.5.15-1) sid: resolved (fixed in 0.5.15-1) trixie: resolved (fixed in 0.5.15-1)

CVE-2020-15254 [HIGH] CVE-2020-15254: firefox - Crossbeam is a set of tools for concurrent programming. In crossbeam-channel bef... Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec

CVE-2020-35904 [MEDIUM] CVE-2020-35904: rust-crossbeam-channel - An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It... An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are. Scope: local bookworm: resolved (fixed in 0.4.4-1) bullseye: resolved (fixed in 0.4.4-1) forky: resolved (fixed in 0.4.4-1) sid: resolved (fixed in