-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 07 Nov 2025 21:10:39 +0100 Source: lasso Binary: liblasso-perl liblasso-perl-dbgsym liblasso3-dev liblasso3t64 liblasso3t64-dbgsym python3-lasso python3-lasso-dbgsym Architecture: arm64 Version: 2.8.2-9+deb13u1 Distribution: trixie-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-01) Changed-By: Salvatore Bonaccorso Description: liblasso-perl - Library for Liberty Alliance and SAML protocols - Perl bindings liblasso3-dev - Library for Liberty Alliance and SAML protocols - development kit liblasso3t64 - Library for Liberty Alliance and SAML protocols - runtime library python3-lasso - Library for Liberty Alliance and SAML protocols - Python bindings Changes: lasso (2.8.2-9+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * tests: test that inserted comment do not change node value and still validate signature * xml: prevent assignment of attribute value inside any attribute (CVE-2025-47151) * misc: check xmlSecGetNodeNsHref for possible NULL result (CVE-2025-46404) * xml: do not terminate on an unknown XML node type (CVE-2025-46705) Checksums-Sha1: 239fa3aa6b2b19c7de430d2b762656d584de89a1 11035 lasso_2.8.2-9+deb13u1_arm64-buildd.buildinfo df54603d02ab7d548db77259338d8e9aac1ca4df 169500 liblasso-perl-dbgsym_2.8.2-9+deb13u1_arm64.deb 4ea352babf6c6f3da204dd5ce580eda8cf03e16d 719460 liblasso-perl_2.8.2-9+deb13u1_arm64.deb 825d3f042aef933e3e2391b77148aba6e4c5c131 861968 liblasso3-dev_2.8.2-9+deb13u1_arm64.deb 5fecccc4240b9ba40f4e294b9caca4d2b689cb28 817152 liblasso3t64-dbgsym_2.8.2-9+deb13u1_arm64.deb ac975d06a887db093c1e1a1fc1468555c55c99c0 776952 liblasso3t64_2.8.2-9+deb13u1_arm64.deb 30e2c48fd9ec3ab5b183822a1ebbf6bd04a2e6bc 367200 python3-lasso-dbgsym_2.8.2-9+deb13u1_arm64.deb 154ec49516f36ca6b5a583cd2c77cd2fd6fb74fe 732652 python3-lasso_2.8.2-9+deb13u1_arm64.deb Checksums-Sha256: 490037ffa40061402a371fb578c3c9ddb51a750b4f986cb7f02e06613aa090b0 11035 lasso_2.8.2-9+deb13u1_arm64-buildd.buildinfo f280dd4f7ffa4b73c7732170125d9342dc6bb1b85b2e1ab5fb7565fa51128845 169500 liblasso-perl-dbgsym_2.8.2-9+deb13u1_arm64.deb ea922b0827b386dd6d430788d6052620113adee08510dcc640c56d665db152ae 719460 liblasso-perl_2.8.2-9+deb13u1_arm64.deb 46ba063421b794dff280ff99eb9b1fac6645b2f8ae098ebc2d6276f4b20d6dfc 861968 liblasso3-dev_2.8.2-9+deb13u1_arm64.deb 9dd5836e624816f6acc07fb7ccf8f241917be39372002480e5e2a0b08fc81ad2 817152 liblasso3t64-dbgsym_2.8.2-9+deb13u1_arm64.deb 8e2d1b7ffa05840eff094f5ea80e4170a2d6b705ccf16a44443b1a681f735530 776952 liblasso3t64_2.8.2-9+deb13u1_arm64.deb d4be91e3ce773fa22137e9e56a98e83b6cdea1aeff7996272c90757c5c069e87 367200 python3-lasso-dbgsym_2.8.2-9+deb13u1_arm64.deb f765255adfa42ae7a637159e06e0db7fc6e4559442a304d530f71d9128e74707 732652 python3-lasso_2.8.2-9+deb13u1_arm64.deb Files: dfd28609e2facac2f5fe6bbf17a852d2 11035 libs optional lasso_2.8.2-9+deb13u1_arm64-buildd.buildinfo b78134b89099d1cded4d35a147988920 169500 debug optional liblasso-perl-dbgsym_2.8.2-9+deb13u1_arm64.deb 40724f0fb51273a3361ba94347204efe 719460 perl optional liblasso-perl_2.8.2-9+deb13u1_arm64.deb 4f2332bfaa51f229045252ffdd39376d 861968 libdevel optional liblasso3-dev_2.8.2-9+deb13u1_arm64.deb bba218610492775cbd11a915116e9833 817152 debug optional liblasso3t64-dbgsym_2.8.2-9+deb13u1_arm64.deb 6c9fd07929fb50a2dbe0be658fa9ccbc 776952 libs optional liblasso3t64_2.8.2-9+deb13u1_arm64.deb 2b7356a32d91686f3f708c21f89df038 367200 debug optional python3-lasso-dbgsym_2.8.2-9+deb13u1_arm64.deb f732d06b4320623cfe37655de2e62b0f 732652 python optional python3-lasso_2.8.2-9+deb13u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEq41qkgEcGaML+/CnCr/D/stJkDwFAmkST1YACgkQCr/D/stJ kDyqsg//QVetS/Cq4n4RgdG0SZx1m5RAfiVfnQuUoTUcXRFV3lf7r8+Oga0aGjiz 7ZzoWUkH1kcY/tj1nkHnp3a1PnuM6k6l57B7uaaimPHUzdNzg7ahH0BmJ/TTqz5N g33kj0/74FrwCHa6jzylb5VdYsFY4n3kwgcFgeaobtm+1mtXSB6pmtx84ClKzrCE aQ8sC81ox8j5qKOgcHhelK5q3Klt5YhdVqnfuBz42WFJf5EyflpFKWDIP1ry1HtX Siql4GigkFt/kgR66p2Pft/qdr2GE9MbGAJ1p9BCbkGPJ9N1KZv/SP+Tst4qWQz4 6DDsnsN18PlbbfhPzztaXSPbQZnCKUe/shVOo1+6wSWWfPLXhUTeie8s+vQQxRfw vXWPJZB8FVNbUDCdf6kmLB2Xh3Xvk+eTExkWnLdHtVG0646F1iCqJsc92s7a6k/i X/X9j025kqWFES9EPlKT2S63ws8iiBNqxkCmW+uxqsXTh2GIEjfvHks7vvJIjL1L O7V52B3v0bPkILPT84gCg8TRRyTOEYAbdlA41ctvtlnYauD6KrvKc3TjYSd2+QZB mWuT/ozbQtjLJeoCCuI5X6j+ZG4Z+dzS3kopLk0KyMzctudn4aRhzi5Cyl/phbEr YfYU1wkhfKIGsaRNOJgHksKmj66BI2W5PZ5Hw+vJJcFvxpFY7as= =yBNe -----END PGP SIGNATURE-----