-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 07 Nov 2025 21:10:39 +0100 Source: lasso Binary: liblasso-perl liblasso-perl-dbgsym liblasso3-dev liblasso3t64 liblasso3t64-dbgsym python3-lasso python3-lasso-dbgsym Architecture: armhf Version: 2.8.2-9+deb13u1 Distribution: trixie-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-05) Changed-By: Salvatore Bonaccorso Description: liblasso-perl - Library for Liberty Alliance and SAML protocols - Perl bindings liblasso3-dev - Library for Liberty Alliance and SAML protocols - development kit liblasso3t64 - Library for Liberty Alliance and SAML protocols - runtime library python3-lasso - Library for Liberty Alliance and SAML protocols - Python bindings Changes: lasso (2.8.2-9+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * tests: test that inserted comment do not change node value and still validate signature * xml: prevent assignment of attribute value inside any attribute (CVE-2025-47151) * misc: check xmlSecGetNodeNsHref for possible NULL result (CVE-2025-46404) * xml: do not terminate on an unknown XML node type (CVE-2025-46705) Checksums-Sha1: 8bcbc5a325a2eef992b320c5eca67d6e5eb9f6ae 10914 lasso_2.8.2-9+deb13u1_armhf-buildd.buildinfo 5d90949ca55a343699df0da75e5828b5db1971ed 179292 liblasso-perl-dbgsym_2.8.2-9+deb13u1_armhf.deb 5be342089b7e6e4885c44830fc8ba3d0372c4235 755676 liblasso-perl_2.8.2-9+deb13u1_armhf.deb 267beb51566abdcf621ce47f90357d1a2370bacf 847376 liblasso3-dev_2.8.2-9+deb13u1_armhf.deb d2547a5ba488b4cc1d6f3964107cec892e7fa370 808832 liblasso3t64-dbgsym_2.8.2-9+deb13u1_armhf.deb 91354d1e04f73ebb8bd56286ac10f386ec49186c 768940 liblasso3t64_2.8.2-9+deb13u1_armhf.deb 66b095b2c531b5c06e4cbb62401e2553d76c55d6 370452 python3-lasso-dbgsym_2.8.2-9+deb13u1_armhf.deb 720fb4d2d004596c7ac1dea53f997d77eaab46f8 729972 python3-lasso_2.8.2-9+deb13u1_armhf.deb Checksums-Sha256: af97f3ae22bb4b5c0631b5e5bb9f309cca2a9a3482c65f5cf50e4a02b70d09dc 10914 lasso_2.8.2-9+deb13u1_armhf-buildd.buildinfo 5fdd32a327ca744cc397140bd211fff8537c59f1f44521b29940b44c060310d1 179292 liblasso-perl-dbgsym_2.8.2-9+deb13u1_armhf.deb e96b353cbe0c39978cacae42cbb86ca531a4245dc02f26a957980630ed2fe9cf 755676 liblasso-perl_2.8.2-9+deb13u1_armhf.deb b18fda0c9310a5efe0c374aeb66a283ec74b110dd7c6b7ffb7df548de86cc0b2 847376 liblasso3-dev_2.8.2-9+deb13u1_armhf.deb fe0902efbc7825bcb147dea7e60a4cc8c2504a420c7e9d10587dd93c170d1911 808832 liblasso3t64-dbgsym_2.8.2-9+deb13u1_armhf.deb 96c92bdab26629346076671829a30f3dd7535e2abc2e443184fdb1b9dc21c36b 768940 liblasso3t64_2.8.2-9+deb13u1_armhf.deb 0b69827c92bfe5abb47bbcf18b644db36f13ac712cbf6a8cd517d71c22dc6a3a 370452 python3-lasso-dbgsym_2.8.2-9+deb13u1_armhf.deb 20ac46bd566988df4d97fa28eaa2ddb6029d0c5216de4ed614c23cac020e9e1d 729972 python3-lasso_2.8.2-9+deb13u1_armhf.deb Files: db547c3bf2660bc4c46a96959f6b5f5f 10914 libs optional lasso_2.8.2-9+deb13u1_armhf-buildd.buildinfo e86e162abc7802f6727f6030cb3079aa 179292 debug optional liblasso-perl-dbgsym_2.8.2-9+deb13u1_armhf.deb 3eff17cee2061d2bef320921fff0da7e 755676 perl optional liblasso-perl_2.8.2-9+deb13u1_armhf.deb fc1f9ecb30dcd739e66ca7b280330535 847376 libdevel optional liblasso3-dev_2.8.2-9+deb13u1_armhf.deb d021756b59cd7103ac52d6de667faf74 808832 debug optional liblasso3t64-dbgsym_2.8.2-9+deb13u1_armhf.deb 6c53a935ac2dcb8ebe9fa6dc695b0977 768940 libs optional liblasso3t64_2.8.2-9+deb13u1_armhf.deb 52207eb0b427f5d8cd60097ab8d1117f 370452 debug optional python3-lasso-dbgsym_2.8.2-9+deb13u1_armhf.deb 544368e31486a1d31b0cc326dbc4244e 729972 python optional python3-lasso_2.8.2-9+deb13u1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEiIG3Q3DxwDgRKKeyLRECdjCZQkcFAmkST3cACgkQLRECdjCZ Qkcy2g//bklQrpyFWWLY10//x3AIE1iGVdH+MHNaYgP8jF9712W7KjD1xYVKiZbv 6CsQmXF+ZJwXhAcZjR2pCwg9eH2JCyGkhP114sX4ck75ZUYv/DOjCGNrWBwHHdAC N9Wtnm3aFukI5eE4WVIww/nlpelVP9YZJgq/4Pon7MDmxi5YiP0aJXtpbJxubIvH DBprhET+nqtP6t1qicub6Ysyo+qNBvhV4jozZjyBYmBI4fXf7BRBQ31uqsp3imHY IbAJ4cdyxX7hxtMhoC3t3IQ53rrSUv5PhcEQqLj1n1IVbod4fxYiLXFgInfqCF57 fDfrXRgFTJIF/G96oUJgFQDgMG0GeqXXCoECnhTEpurAByzE9MuUlIQZ/k0dpZi9 0bU2o+8Xp2KTqsXUssVM0No/0orhafihr/9TjMXodI0OYJ5YcfrhUZijWwLB4Mhd P0irWUKyqJCZ/8QQKV1ptlDW5LNNiKq2gxKH5gFBttFzPlRU1G4fUVMRpCyAaGBO +5FoEodiOOE0Tkw/q4XrsjRNv0UPeAcIGfzbwn4HHLIRfYeEDd2F+5fUFEJq9NgO 3d9p9U98pbdhJQD8C9xZT7hGff7N35uEWTNhg7MjRzTYaWGexixvOoG6ABprhfdo 3LwY2Jy32zz1znmcg7tZ9I2Xzt57E2kMV7xvihb4EZow8MAThmE= =2w2b -----END PGP SIGNATURE-----