-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 07 Nov 2025 21:10:39 +0100 Source: lasso Binary: liblasso-perl liblasso-perl-dbgsym liblasso3-dev liblasso3t64 liblasso3t64-dbgsym python3-lasso python3-lasso-dbgsym Architecture: i386 Version: 2.8.2-9+deb13u1 Distribution: trixie-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Salvatore Bonaccorso Description: liblasso-perl - Library for Liberty Alliance and SAML protocols - Perl bindings liblasso3-dev - Library for Liberty Alliance and SAML protocols - development kit liblasso3t64 - Library for Liberty Alliance and SAML protocols - runtime library python3-lasso - Library for Liberty Alliance and SAML protocols - Python bindings Changes: lasso (2.8.2-9+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * tests: test that inserted comment do not change node value and still validate signature * xml: prevent assignment of attribute value inside any attribute (CVE-2025-47151) * misc: check xmlSecGetNodeNsHref for possible NULL result (CVE-2025-46404) * xml: do not terminate on an unknown XML node type (CVE-2025-46705) Checksums-Sha1: 5577c400c3c8d0013acf311e24191d16666773c8 10934 lasso_2.8.2-9+deb13u1_i386-buildd.buildinfo 93552800ede966eb20d7eac43ff0d16b8a9c1336 168252 liblasso-perl-dbgsym_2.8.2-9+deb13u1_i386.deb d85184172ec3a629dbb447b31e49ff6b6dc44ce0 743340 liblasso-perl_2.8.2-9+deb13u1_i386.deb ad094384e3c9e4a20a0de3761dae3076d7072870 880072 liblasso3-dev_2.8.2-9+deb13u1_i386.deb efe2af74b4153a5670fb3bed7f8edb9aa9b9f7bc 735388 liblasso3t64-dbgsym_2.8.2-9+deb13u1_i386.deb faf812fb8b1283e84381f2d5905b73653f041870 800660 liblasso3t64_2.8.2-9+deb13u1_i386.deb 839f0c691bae954c1ce687b01652eff5e843345d 272628 python3-lasso-dbgsym_2.8.2-9+deb13u1_i386.deb c1a4af258631831c34e142dc1e160f8887590481 733208 python3-lasso_2.8.2-9+deb13u1_i386.deb Checksums-Sha256: 0fa81d17df4a3f5645a9cc56aaf322676f7cab7d3752447faa2cd773d95af81e 10934 lasso_2.8.2-9+deb13u1_i386-buildd.buildinfo b810faaf775d9ef2ad9327c15bc91d6c58796cd307782f8b7205a8489207b82a 168252 liblasso-perl-dbgsym_2.8.2-9+deb13u1_i386.deb aed53f59ca3fc8bcffc73a9fad1af17e8219945513264a0876d78fc054c2d26b 743340 liblasso-perl_2.8.2-9+deb13u1_i386.deb 03e8bce1a7d78931083e4ef249e5755c4a66e029bf3b8e58cd32b9108e922ba5 880072 liblasso3-dev_2.8.2-9+deb13u1_i386.deb 6192a86ac4980097b417f95d18e59fcc6734525994f987d6d07e76a708fa99d6 735388 liblasso3t64-dbgsym_2.8.2-9+deb13u1_i386.deb d99d2bac7257b6010ba35593e1da6e839c80ceac07e880439c1cd8bcf9c49430 800660 liblasso3t64_2.8.2-9+deb13u1_i386.deb a4ab53038ab006bb3fa33e34ede6b2b1648f5952e30befd3e9eff864afd8d7ac 272628 python3-lasso-dbgsym_2.8.2-9+deb13u1_i386.deb f4fdc93779951a9c3dcded0d0fcf49f01550757f21ecb7ecee73cb813bbcf4c0 733208 python3-lasso_2.8.2-9+deb13u1_i386.deb Files: acb5302e8d059947e49d09ebaf8be421 10934 libs optional lasso_2.8.2-9+deb13u1_i386-buildd.buildinfo 09aba256257cce1b48ad6a2d54f9214b 168252 debug optional liblasso-perl-dbgsym_2.8.2-9+deb13u1_i386.deb 3d4090f2e9cc24cbb73dfc21214a2ca9 743340 perl optional liblasso-perl_2.8.2-9+deb13u1_i386.deb b6402799c2888397bfab28242de90729 880072 libdevel optional liblasso3-dev_2.8.2-9+deb13u1_i386.deb 4dc7adee1504db09028c3058a04580f1 735388 debug optional liblasso3t64-dbgsym_2.8.2-9+deb13u1_i386.deb b15cb2621dcc1446c39ae904ffc21466 800660 libs optional liblasso3t64_2.8.2-9+deb13u1_i386.deb b4c1136f4808a007e879802ad62e96ca 272628 debug optional python3-lasso-dbgsym_2.8.2-9+deb13u1_i386.deb 934ac2c6401efb617cf254683b134e5f 733208 python optional python3-lasso_2.8.2-9+deb13u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEaPzFtKPtF0JrKPV5iZlfn74WV6kFAmkST5cACgkQiZlfn74W V6mdmg//RWsTgQXjV6jolsK8yGmucQF7qWY2kpWRH1k+Oe4f8iGJZ6ytJvdi9v35 wDbh05B97FjhbXbMyhtPf+7xZQgh1STxtL0VcZl4in4j1TAeQ1xIOz1vpTIMHleV jmB3KAF60vHiy/CHlUkyJ699C0wlAxAe816B5D50H+N3bf5i91wBib5ARFhPNc0b Ahhr3Osttvi/n36fQqutQwHAG6oLtN0ShQMjuScNdB1ucMzwmqYUyoIZCXDHMUTI CAoS+CiFo+kVKL/vVXRtKNThh4AqB4qvPDWpWXQeXnSq8vl7VkjN454MQQjdkklL 88n1cJoApJWkJdW06Zm3IAeqBmWkGzzFUezexILvz93nbKkXIfPBuFOLW4WVF4Yp Br7Epl3aVNrzvfkDd9b9pMGgxhDx2377aSxY4c6ropzm3PE1NqEE089z31OWoHET aq/vj/I6OcpwP0cwo6oMM7xegMP8hzBf21wcbH6AaOT1QNh50mDgjLQ9cyvLFUsC elhviF59sowzdnaUC50A0K0sYjM5WGtrHJmqIlmL14lX8QVqPWcUXG+4j2R+SXqc bLXVZzYQ5KdHuJjzsGv0Q1pnDbk3BFJziuZf3vuiJZjVxDvuMVRZzcbZoTiXwwBo vpTx2Kwp9pYpJhAH90M1XcO1dhhQxDGtr+O7MhtbNxGIwOrRWX8= =JSOd -----END PGP SIGNATURE-----