-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 07 Nov 2025 21:10:39 +0100 Source: lasso Binary: liblasso-perl liblasso-perl-dbgsym liblasso3-dev liblasso3t64 liblasso3t64-dbgsym python3-lasso python3-lasso-dbgsym Architecture: ppc64el Version: 2.8.2-9+deb13u1 Distribution: trixie-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-osuosl-02) Changed-By: Salvatore Bonaccorso Description: liblasso-perl - Library for Liberty Alliance and SAML protocols - Perl bindings liblasso3-dev - Library for Liberty Alliance and SAML protocols - development kit liblasso3t64 - Library for Liberty Alliance and SAML protocols - runtime library python3-lasso - Library for Liberty Alliance and SAML protocols - Python bindings Changes: lasso (2.8.2-9+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * tests: test that inserted comment do not change node value and still validate signature * xml: prevent assignment of attribute value inside any attribute (CVE-2025-47151) * misc: check xmlSecGetNodeNsHref for possible NULL result (CVE-2025-46404) * xml: do not terminate on an unknown XML node type (CVE-2025-46705) Checksums-Sha1: 5ada182553f9a30f1c51aa4312add3e03dc96cec 11077 lasso_2.8.2-9+deb13u1_ppc64el-buildd.buildinfo 1ab6d1ed6c0b3c8b9de874cbb35fa001d6d393fd 171020 liblasso-perl-dbgsym_2.8.2-9+deb13u1_ppc64el.deb 7d1adfe97e19415bb355f1c1d059bcb969d54ae1 737848 liblasso-perl_2.8.2-9+deb13u1_ppc64el.deb c2b2dac70dcda7c58a6a667d16aecb10c39428c7 886668 liblasso3-dev_2.8.2-9+deb13u1_ppc64el.deb 8d6fe997542b5c205afddfe4c9f20ae2ee00aa4e 835728 liblasso3t64-dbgsym_2.8.2-9+deb13u1_ppc64el.deb 4a8bcb809f7deeadce93e5c7b072ea32d60dda22 799384 liblasso3t64_2.8.2-9+deb13u1_ppc64el.deb c45731382945941f6c85e9d68d73bfaeb86367bf 372136 python3-lasso-dbgsym_2.8.2-9+deb13u1_ppc64el.deb 2cef44d36070726f014065cd111fc0617246d1c8 737032 python3-lasso_2.8.2-9+deb13u1_ppc64el.deb Checksums-Sha256: 63a9e99244d09897634dfca6a6d5406543eecd9a3debaaedf03f1309cf94bfd6 11077 lasso_2.8.2-9+deb13u1_ppc64el-buildd.buildinfo 609b45ad2f7611062b6f9a5d66b9ae9c86455196c80259ebd262f1ef1a82669e 171020 liblasso-perl-dbgsym_2.8.2-9+deb13u1_ppc64el.deb bb1bd5697367d76852c7ae36e5198efa812a6ab6edac7030d67c1f6e36c84e28 737848 liblasso-perl_2.8.2-9+deb13u1_ppc64el.deb 2f72b9f5261be6c536f423209511271bb334051d835374ce7c04b8bf8b1977ff 886668 liblasso3-dev_2.8.2-9+deb13u1_ppc64el.deb d4520bd9e41e72a5b7c43f7f19305a1d0e23b2a220376c7c3ea16d0f2e3ab5b4 835728 liblasso3t64-dbgsym_2.8.2-9+deb13u1_ppc64el.deb f4bb4e432728275cf9927c0715e99d7666b3e7e049a0c9b29dad3adcd48da36a 799384 liblasso3t64_2.8.2-9+deb13u1_ppc64el.deb d22c78e9943fd3b89856237be2d43da779598ad47bc8fe55366102b607eccb29 372136 python3-lasso-dbgsym_2.8.2-9+deb13u1_ppc64el.deb f993b313fed43fbfeedda93fc29eef3644ac104dc5f85c9bfdc391b29ad22344 737032 python3-lasso_2.8.2-9+deb13u1_ppc64el.deb Files: 0e6cbdb4f7fd03bb949c94eac7f7b65b 11077 libs optional lasso_2.8.2-9+deb13u1_ppc64el-buildd.buildinfo f45b80fdcd41900f85fc88d4d8db01cc 171020 debug optional liblasso-perl-dbgsym_2.8.2-9+deb13u1_ppc64el.deb 243326941ba0009a032c7dfd9eadaeac 737848 perl optional liblasso-perl_2.8.2-9+deb13u1_ppc64el.deb ae578dac7b20394a086bb11932988c96 886668 libdevel optional liblasso3-dev_2.8.2-9+deb13u1_ppc64el.deb 5becb50c54f605ab8c82e80a2a68f5ce 835728 debug optional liblasso3t64-dbgsym_2.8.2-9+deb13u1_ppc64el.deb f15edef2a10a231b279bced91832dde3 799384 libs optional liblasso3t64_2.8.2-9+deb13u1_ppc64el.deb 9875748c6eef3c36adcbe630e86ad2a3 372136 debug optional python3-lasso-dbgsym_2.8.2-9+deb13u1_ppc64el.deb f59829e5bf87f1d53e541a7474669f1f 737032 python optional python3-lasso_2.8.2-9+deb13u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYo4fOZBRi9qmvTxH1PowSTJ8+YQFAmkST1wACgkQ1PowSTJ8 +YSaEQ//aTbQdjkT2c4PzQf0z6xzRPLufcXdJj5uYnT2PCIsJ72bUQPGkXy9M04D cI6O5fIRVK4MWP5xBvhsd45uW6Q9YgnQwunujPSxPByg6UlHzRM6E8PF5X9a/Cq8 cALICRyXPf5P7q77gZ2rF/SNDHLyKDh5H74uQKQjkeO9OW0njZayfXohszi9CCME s5f8DFLaF12lHqdEzNLupWiFJ3oJL44qtNnDMf9KKSYYnVLtpBWkforHN7KNmQ5D Y3Hsjc5iD4/dPOvF+Io8HMOtDQ6aN3mtBQTYe8vMI1M69D+8QFD4tePDxq+DpR8x 9BShoFT1qcz1Z27KUzGCGTgDxXIw1H1qIsvgsyds5dawq8dVXhk2X7rCL1dFNGk4 5aRpe24mmVZYVbtIP31SJVoNLjheKoZI/qIi7e328iCFs7slnGvXBDzVGHlR8jXI 64MkN5cBTHwOONaYjErc1usFSjUM6WmS5v/YLvlAdS6DRPBeFik2cZY0SAtTx/si mVCeDuTNI/d7AMO+ivuf3xndwWrLC1pnPaZOKImNx2KboxLPWpynCOCS5dzURTow SgusjzbkZlbL1Pqm5XK0w9STYJfuY9vIqaNgAKOxWX24qJzBipJOXpoo/PRnR7Oc xpK4Ep18PO1k6kv9ZKhaUxgLMAzIw+KNBHuHw6RWHDkHyQP2uVo= =B4Ct -----END PGP SIGNATURE-----