-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 07 Nov 2025 21:10:39 +0100 Source: lasso Binary: liblasso-perl liblasso-perl-dbgsym liblasso3-dev liblasso3t64 liblasso3t64-dbgsym python3-lasso python3-lasso-dbgsym Architecture: amd64 Version: 2.8.2-9+deb13u1 Distribution: trixie-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Salvatore Bonaccorso Description: liblasso-perl - Library for Liberty Alliance and SAML protocols - Perl bindings liblasso3-dev - Library for Liberty Alliance and SAML protocols - development kit liblasso3t64 - Library for Liberty Alliance and SAML protocols - runtime library python3-lasso - Library for Liberty Alliance and SAML protocols - Python bindings Changes: lasso (2.8.2-9+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * tests: test that inserted comment do not change node value and still validate signature * xml: prevent assignment of attribute value inside any attribute (CVE-2025-47151) * misc: check xmlSecGetNodeNsHref for possible NULL result (CVE-2025-46404) * xml: do not terminate on an unknown XML node type (CVE-2025-46705) Checksums-Sha1: c76dfebab5a0280d0687a3bccf6815bbd8513160 11048 lasso_2.8.2-9+deb13u1_amd64-buildd.buildinfo c2f8d546e0cbb34da6445cc2429fe41d86d11c6d 171736 liblasso-perl-dbgsym_2.8.2-9+deb13u1_amd64.deb 35346742afb5e8d2f38820e942460a9a5a883f7b 772276 liblasso-perl_2.8.2-9+deb13u1_amd64.deb 29262cf30a91baf66c61a94d23d3b7a9c7d54068 863572 liblasso3-dev_2.8.2-9+deb13u1_amd64.deb 5e36333c5119bd27b84704e6bc8f9b8c1ab30a01 817936 liblasso3t64-dbgsym_2.8.2-9+deb13u1_amd64.deb fe56551fbae055929aa153b4e1993628f80822a4 792132 liblasso3t64_2.8.2-9+deb13u1_amd64.deb 488ec5e07f91ada33e53e27683b8bfa8e9c37c04 323812 python3-lasso-dbgsym_2.8.2-9+deb13u1_amd64.deb 6e10df75935c2bc065e54274cccf121c61f785b8 738964 python3-lasso_2.8.2-9+deb13u1_amd64.deb Checksums-Sha256: 5f1b733f0f75e3f27b20df0ab209dd92cd0e6c8e2ea3cf3e9158b4cb50cc0d1b 11048 lasso_2.8.2-9+deb13u1_amd64-buildd.buildinfo 943f86883df6f38cfbcbf4f9b035a654853c4c357340583f33ee715db601bec2 171736 liblasso-perl-dbgsym_2.8.2-9+deb13u1_amd64.deb b51f9d6a0b600476dc0d8ec901dbe037e738ed9250d06310e4e8d04514504c95 772276 liblasso-perl_2.8.2-9+deb13u1_amd64.deb 543408d40a5d2f68798a85ef8e60bd0bc7993f3bb95f4d740d579a6fdd02e5b4 863572 liblasso3-dev_2.8.2-9+deb13u1_amd64.deb dec235d4782a1065bef38d0b23499a5e0d3d58a6481d7e7033f7716ae265478d 817936 liblasso3t64-dbgsym_2.8.2-9+deb13u1_amd64.deb 27f505116b944314d431fe1a726bc5ad4a450b6ef6bfdcff176ed4ce18583b2c 792132 liblasso3t64_2.8.2-9+deb13u1_amd64.deb 32c7784ebb77738e1e36d90c9edbce687d79143270fd54b2db29a060ae105bd9 323812 python3-lasso-dbgsym_2.8.2-9+deb13u1_amd64.deb e6714422d4650233aee80c5c238cad0032932f5597558e84ebaae894a216699f 738964 python3-lasso_2.8.2-9+deb13u1_amd64.deb Files: 8fee54c178bae465545de7319b0be615 11048 libs optional lasso_2.8.2-9+deb13u1_amd64-buildd.buildinfo d0ec5eb7b4ea63492c8d224e7f6d9d94 171736 debug optional liblasso-perl-dbgsym_2.8.2-9+deb13u1_amd64.deb 3ed77a92e8ec327d50230d515e3876e3 772276 perl optional liblasso-perl_2.8.2-9+deb13u1_amd64.deb babcb97012c2540b4d2638f71578d595 863572 libdevel optional liblasso3-dev_2.8.2-9+deb13u1_amd64.deb a83ede68bf087a0d2f86ac9bcdd2d1c6 817936 debug optional liblasso3t64-dbgsym_2.8.2-9+deb13u1_amd64.deb 1de999000d04eb5aaf226b94033898f4 792132 libs optional liblasso3t64_2.8.2-9+deb13u1_amd64.deb 7f89c6bd5d89aa892995bd870a8f0370 323812 debug optional python3-lasso-dbgsym_2.8.2-9+deb13u1_amd64.deb c30566408a199fa72be525deb4c8dd30 738964 python optional python3-lasso_2.8.2-9+deb13u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEnw0rdzqckKx6dwRTEbCLukZn24oFAmkSTpoACgkQEbCLukZn 24p8Ig//c75T6zoNCpyI/nfrIy+sjrwtGawF9PG5ki1sqFdjtLlpdKFvJI+thp9w m+t3ZP+0MflqdiyMtOThLnzsma7wLtxSJdzc/p7LCv25ZXuL/vdWQtViqNA0l/pB Z5F98kmFU5AF3pkAP5S+UQElQTnUZsf7vQjSSju2+sPXxgsvGSPNt/67kiJOxQuT UJM4hWiyPOprsANLswNr9vwkd3j85zoifzdDuKTHXPKtBwGLQ8v/clpUeULx3Rq4 /Q+K5JHW9iZSEivDLF+RqK8k5Ef2Js9QWFD6Va+A5m1hCiuMcyEV8U0B7UCBF3m8 Z1JZVVsoU9Ud8UqrvzBghu4osfv71Y6xOPe7ThE0G3OYpRe4zpoqqEEz3cl272Hw Xy4yRs0QkX8pcp9AnvjVWpS3r448/VyveTGvaDVA8niKw/RcsDVVcWOgQRgpnOng ssXNA+bInDq2Nsu8LznRmdhLW1g+20LQpeKcLvh7Z8jnhS+SA10V9a9K4TAP/FAg H9ycazZyXdzUipqs9zb7emyiq0HgG2ps71VIBd+m+ecOTZK3JvRjxt1/pn6Wtr4f Ex8tHc21cQXRWlWdRTlO9rxpgNycNMt/V74SsSjyJn1jwiWBxVOjeGVxKzm4WX64 zzs+jNTEGs9oDpt1HewkWYD044U2PcvpD5LpybbS4lcTQjVNoDI= =Tggi -----END PGP SIGNATURE-----