-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 07 Nov 2025 21:51:12 +0100 Source: lasso Binary: liblasso-perl liblasso-perl-dbgsym liblasso3 liblasso3-dbgsym liblasso3-dev python3-lasso python3-lasso-dbgsym Architecture: arm64 Version: 2.8.1-1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-conova-03) Changed-By: Salvatore Bonaccorso Description: liblasso-perl - Library for Liberty Alliance and SAML protocols - Perl bindings liblasso3 - Library for Liberty Alliance and SAML protocols - runtime library liblasso3-dev - Library for Liberty Alliance and SAML protocols - development kit python3-lasso - Library for Liberty Alliance and SAML protocols - Python bindings Changes: lasso (2.8.1-1+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * tests: test that inserted comment do not change node value and still validate signature * xml: prevent assignment of attribute value inside any attribute (CVE-2025-47151) * misc: check xmlSecGetNodeNsHref for possible NULL result (CVE-2025-46404) * xml: do not terminate on an unknown XML node type (CVE-2025-46705) Checksums-Sha1: acf4f0cf3151208f2d4f9dfbc44514855a8ffd29 11091 lasso_2.8.1-1+deb12u1_arm64-buildd.buildinfo ee8ffad96811b8f27ca33335e10bbcb03cec28f8 167096 liblasso-perl-dbgsym_2.8.1-1+deb12u1_arm64.deb 7d1fb531110962fab61f0e9a121fe4da59b38353 721660 liblasso-perl_2.8.1-1+deb12u1_arm64.deb b4487bcb9eae5a22f2f9f5de417487990abe804b 794396 liblasso3-dbgsym_2.8.1-1+deb12u1_arm64.deb 8f1abe214dcf64f846a35b8c22d827a94721ed21 865912 liblasso3-dev_2.8.1-1+deb12u1_arm64.deb e35588de9cdeddf4e26436cb0714a963e17202cb 781072 liblasso3_2.8.1-1+deb12u1_arm64.deb b883ae3f338cebe045b585c5f3f7a432cdcb24db 332432 python3-lasso-dbgsym_2.8.1-1+deb12u1_arm64.deb 741750471b95d5aadb221fba504bf4d33bb307e0 732248 python3-lasso_2.8.1-1+deb12u1_arm64.deb Checksums-Sha256: be061e12c6453f0e757eaa7db925f91b7717d3e7761990ef50c739dbe69ab81a 11091 lasso_2.8.1-1+deb12u1_arm64-buildd.buildinfo 69f5b49f1ddd2efa274e78ceea414a39f04b0b4b9b049f57908da8d99d77127a 167096 liblasso-perl-dbgsym_2.8.1-1+deb12u1_arm64.deb 5433e4b8d8c6bcf6fca0f56c372a345e0033563cb56e87eeaaa1bff15bc8a306 721660 liblasso-perl_2.8.1-1+deb12u1_arm64.deb 0b860d12eacf1fef64eabe41e4b8972303e7dea8c7e9d183b97e14b9093ef8d1 794396 liblasso3-dbgsym_2.8.1-1+deb12u1_arm64.deb 9612d0c24878ac26c4eed24b06e5c7b3dd8c450a2b89dc0f1b9dd5ffe4c55946 865912 liblasso3-dev_2.8.1-1+deb12u1_arm64.deb 6cdfee8ca91f4cfca145ec8ae928eb5c406068a9680f56b1e89635427e650e0a 781072 liblasso3_2.8.1-1+deb12u1_arm64.deb 1d95fa13a0510478c0481c6024a6b06a44a3ba3adb6190a1f3ba8450f0f3ef2f 332432 python3-lasso-dbgsym_2.8.1-1+deb12u1_arm64.deb 983e911767e859875b2ad579e0f1a67e562e8f4c3ff37626a4aafc2c0ca89f2c 732248 python3-lasso_2.8.1-1+deb12u1_arm64.deb Files: 0bd070d08a8fdee31a120fa8f2e9294e 11091 libs optional lasso_2.8.1-1+deb12u1_arm64-buildd.buildinfo 3f513b11ef83999a430c6e0e092622c0 167096 debug optional liblasso-perl-dbgsym_2.8.1-1+deb12u1_arm64.deb a08e4cea3b5f96e84d3d3226b5ad7d23 721660 perl optional liblasso-perl_2.8.1-1+deb12u1_arm64.deb 515725812fb8775441bf58be9f8917f2 794396 debug optional liblasso3-dbgsym_2.8.1-1+deb12u1_arm64.deb 5e0be5e0047895dffbd65fe7072ab4dc 865912 libdevel optional liblasso3-dev_2.8.1-1+deb12u1_arm64.deb faf9405bf2720ae224d0ea928318dc50 781072 libs optional liblasso3_2.8.1-1+deb12u1_arm64.deb f44193d178ed73e8fb8f515fb7e7d380 332432 debug optional python3-lasso-dbgsym_2.8.1-1+deb12u1_arm64.deb 410ca087045c973c8bc53f249f48d2c3 732248 python optional python3-lasso_2.8.1-1+deb12u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVM4SKBZumztS8zr3lST9Us03ywsFAmkSTv8ACgkQlST9Us03 ywsCVg/+NRPP54n7UpCi3V2wWibGpI2KUQWEziyuLk0IBdrx1v/a4NTEC6+bmpht NSVgk6fjVHKJRtj9U3GOt1oGevn9215kJwmkX2J2sKamiqGIdK+eRdIi18uIj2Dv mY0gjpa80lFcRxabQuQbldDRuYSI5L2Jomeh9Tx/4KFF0BWT3SZAF793tbXOYoAf StCHg5gUCnvJmUS4KMeAmPyJMYii0YUSqKUm5VPMiX4fjNM1N9Wxj1nVF0LXLhBO 2IYBoQydBtZTxgDQ4y5ZvXgJBL/lB+AA+HSjKp7BqKIVCEgXcd1f5j7J+Mm2MK8T gm/2sTtV/0g5pDY8oe1bAunSwHdIre7rZnoVNq0me4Qs/mZMwX3kFknlJNI4h85a d9BCsi8B9yOkEjppRHo5ECdZrNuVThMnlbDJ/Pu1XGRT82+5jS6ep2SCgpCbeB9H 9aRXTDyiA7+PTtrSm8ZwmQDCZhkV0LFwYbLDdLteZ7eahMXgBOSQDN7EC9m0rmIa DyGkh/2UcC7BNpn1QAL0PzxVdzX4SDZcFS316qWY+2xlTMnBnmQ0HUgFlHB/L3nj 44gqW2yUE2FOAG81tudk7s1snL+7+WneIiGXCfN56214qStxqXyL5ufFVzFme11t 3n3BsAXsEQoNlLcn+JgA7q/EC+ReD5fRd1wA3aTvdBRo2rWb6lY= =6V49 -----END PGP SIGNATURE-----