-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 07 Nov 2025 21:10:39 +0100 Source: lasso Binary: liblasso-perl liblasso-perl-dbgsym liblasso3-dev liblasso3t64 liblasso3t64-dbgsym python3-lasso python3-lasso-dbgsym Architecture: riscv64 Version: 2.8.2-9+deb13u1 Distribution: trixie-security Urgency: high Maintainer: riscv64 Build Daemon (rv-manda-01) Changed-By: Salvatore Bonaccorso Description: liblasso-perl - Library for Liberty Alliance and SAML protocols - Perl bindings liblasso3-dev - Library for Liberty Alliance and SAML protocols - development kit liblasso3t64 - Library for Liberty Alliance and SAML protocols - runtime library python3-lasso - Library for Liberty Alliance and SAML protocols - Python bindings Changes: lasso (2.8.2-9+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * tests: test that inserted comment do not change node value and still validate signature * xml: prevent assignment of attribute value inside any attribute (CVE-2025-47151) * misc: check xmlSecGetNodeNsHref for possible NULL result (CVE-2025-46404) * xml: do not terminate on an unknown XML node type (CVE-2025-46705) Checksums-Sha1: b799493786faf58a49bcb5389e1180b996f51857 11025 lasso_2.8.2-9+deb13u1_riscv64-buildd.buildinfo 3479855eabcbf799fb64a804f3da96927647b899 173268 liblasso-perl-dbgsym_2.8.2-9+deb13u1_riscv64.deb ad3edd40aea240a3136270de111684802dc7eeef 772796 liblasso-perl_2.8.2-9+deb13u1_riscv64.deb f756f40ca5b7ae3cc131b5281c2fe511f1663e1b 1139252 liblasso3-dev_2.8.2-9+deb13u1_riscv64.deb de8dc31a441cdc10600f04802ca1d4dc0d3ce136 793932 liblasso3t64-dbgsym_2.8.2-9+deb13u1_riscv64.deb b4a92719b0d5c34a82359f6d000ef3ffe183d165 789944 liblasso3t64_2.8.2-9+deb13u1_riscv64.deb 7d11c924ec1367fbb22469e273348fdd7c542dd0 330508 python3-lasso-dbgsym_2.8.2-9+deb13u1_riscv64.deb 65c7680eef3d09bb0ee21d733db17a10671bca1b 739452 python3-lasso_2.8.2-9+deb13u1_riscv64.deb Checksums-Sha256: 13a3417b3757a2b5bc91db7cdaa85095860e420e4d35de89ff8c08b8cb080431 11025 lasso_2.8.2-9+deb13u1_riscv64-buildd.buildinfo cd892f1b4ea8b36a1ab6f695595e7d82c3296e5d19e5b5335ad20d75033c0135 173268 liblasso-perl-dbgsym_2.8.2-9+deb13u1_riscv64.deb 7f2fa45d267c360040ac138d4b65f17de49907e6819beddfaaef720c9d60b587 772796 liblasso-perl_2.8.2-9+deb13u1_riscv64.deb c19cb4f1d67f250a0b9d49fc64a7be6a69dd0fdaf9e724409a692e3c1b84d404 1139252 liblasso3-dev_2.8.2-9+deb13u1_riscv64.deb b74f96b5d60fdf4b85a644fa0a0cc505056dd2db47418d72d33f6d5e5abc6459 793932 liblasso3t64-dbgsym_2.8.2-9+deb13u1_riscv64.deb 015c18b577cb92dd127226e62918c869068025b0b1b5604fada3b5d84a0f9c72 789944 liblasso3t64_2.8.2-9+deb13u1_riscv64.deb 35b0b3bf0a824e72607adf07e311f3a842d979459a8b57861689d51e47f5597b 330508 python3-lasso-dbgsym_2.8.2-9+deb13u1_riscv64.deb ef8629aa3b4a797cf5459b1856e3ca10fc5b02668644cf39d951b45fbfdc0230 739452 python3-lasso_2.8.2-9+deb13u1_riscv64.deb Files: 9c978362902ab110e7d512bef730069d 11025 libs optional lasso_2.8.2-9+deb13u1_riscv64-buildd.buildinfo 4446bba80a06544c7ff9b0a1cf46274f 173268 debug optional liblasso-perl-dbgsym_2.8.2-9+deb13u1_riscv64.deb 384287a14a1981a63e73b08e258d2ab1 772796 perl optional liblasso-perl_2.8.2-9+deb13u1_riscv64.deb f612d7beec8101699c546d78fbd8885a 1139252 libdevel optional liblasso3-dev_2.8.2-9+deb13u1_riscv64.deb 704b4ca4345684bbccd13a22952d80f8 793932 debug optional liblasso3t64-dbgsym_2.8.2-9+deb13u1_riscv64.deb 0345c8112cc5864202b2fe3f33dd7c41 789944 libs optional liblasso3t64_2.8.2-9+deb13u1_riscv64.deb ecb56d62c8d39eeefd4c65b7aced184f 330508 debug optional python3-lasso-dbgsym_2.8.2-9+deb13u1_riscv64.deb 8ce1cd2301b800a04178e685a791ede0 739452 python optional python3-lasso_2.8.2-9+deb13u1_riscv64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEr1DoflQE5rwrZmkOdH2L+FrKb9gFAmkSX4sACgkQdH2L+FrK b9g+9A/+MNWBLm6lV3nGG1/94zm8l7YPOvgSjiWWKdhZmbcf8YvZR3Gl33QOXRZV M1OUISm/HAIWBvLVn4jHY0ov6OchznE3ElRqYaXsAZVgHgP1qnoLtkUz1de5FDA3 dBDh0HzcXL9fFnp8GWmMg3AklcLL33tT/wWE3wRmoS2/0kactE63M9Sd7fz6Qp0a l+BPG0dTIc+ueVa6EtIeIZMAWpLz3BP2f8Aud2hj2R3x28JN+ODRDGdCwbwmVd0S V/f9DfkVRNr+83P/hxgO9G7GrAuAXMkkd0mfmbWHUU9yo458VMtu5vJHEXGlzwlJ gUvGsHCAAx0a3ZFgG9+r1gZPJeFwC9wSugEYqehE4KN8rik0etyyXMR/xmtESZ/N q0UswUvvbBJv3t4Y8PtFOvSHFRS4XQE2Q5H5dj3cpUHnwQ1yJ1yzCg/NvLFDxY2b E0C5T8dd/YnOqAnGkjSCSMZrX0DKYhwbsc64lz+yXTFYhnNGhSNdNsSJTJIwo9QW dxwuE5EZztOnYN4niM2RclJrAN2amCfbLKoiPflb3D66OaZJw+iolakCaPQfGvV/ qmUGmJqFxTcnAq6lGSU3PIF0kfpKpw4opGbgDME8Xx917kLX878P4AlHq1qqPNne 85c4ZrZIGDg3g8bJcdDSfFOOyahbs4VtV/3kj9SeACKWcf8UuhU= =7PyQ -----END PGP SIGNATURE-----