-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 07 Nov 2025 21:51:12 +0100 Source: lasso Binary: liblasso-perl liblasso-perl-dbgsym liblasso3 liblasso3-dbgsym liblasso3-dev python3-lasso python3-lasso-dbgsym Architecture: armhf Version: 2.8.1-1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-02) Changed-By: Salvatore Bonaccorso Description: liblasso-perl - Library for Liberty Alliance and SAML protocols - Perl bindings liblasso3 - Library for Liberty Alliance and SAML protocols - runtime library liblasso3-dev - Library for Liberty Alliance and SAML protocols - development kit python3-lasso - Library for Liberty Alliance and SAML protocols - Python bindings Changes: lasso (2.8.1-1+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * tests: test that inserted comment do not change node value and still validate signature * xml: prevent assignment of attribute value inside any attribute (CVE-2025-47151) * misc: check xmlSecGetNodeNsHref for possible NULL result (CVE-2025-46404) * xml: do not terminate on an unknown XML node type (CVE-2025-46705) Checksums-Sha1: e51ef2f19b92874ddb500e5e550e4298c9d373f5 10935 lasso_2.8.1-1+deb12u1_armhf-buildd.buildinfo e1aad481e29f814f2df1afbc7d8dbc144a7cd36a 177572 liblasso-perl-dbgsym_2.8.1-1+deb12u1_armhf.deb e3cb6e656d5a6f5832bb95ed772cc0baae1c5855 760700 liblasso-perl_2.8.1-1+deb12u1_armhf.deb 7b018879426d01c5adacbc13023375b10091841d 776016 liblasso3-dbgsym_2.8.1-1+deb12u1_armhf.deb 18eaad48872085ac1e09c0d076ad100b5713fd9f 850868 liblasso3-dev_2.8.1-1+deb12u1_armhf.deb ad04a3903f8afe4a77e8bf6d8ebc1fe1bd18f5e0 772124 liblasso3_2.8.1-1+deb12u1_armhf.deb 9487524a91561358010f9aaf63b125f5b5f9e3b1 335984 python3-lasso-dbgsym_2.8.1-1+deb12u1_armhf.deb 13daa0621507d35a0820e26d2dd14061f74498e2 727332 python3-lasso_2.8.1-1+deb12u1_armhf.deb Checksums-Sha256: 0c3d4f1d0ad7923d5f8eeef07000143cb21494b4f99e7260e557690730928421 10935 lasso_2.8.1-1+deb12u1_armhf-buildd.buildinfo dba3c791e5edb00c3a3247b0db642e2949a10cbad48ced9259462dfc6a25fb1b 177572 liblasso-perl-dbgsym_2.8.1-1+deb12u1_armhf.deb fcd540d20f7bdc01fa5320a06b307c01d6b05e7301846c5ac972604020064743 760700 liblasso-perl_2.8.1-1+deb12u1_armhf.deb 298c140d651fe2df7fcd4d1219ed578815728e25a0e2ad3a2653b69fd8b4b707 776016 liblasso3-dbgsym_2.8.1-1+deb12u1_armhf.deb 80299478d5b93b96ff33bdbed65dabe51cd505f3d372055f4db1eaf36cc6b2fe 850868 liblasso3-dev_2.8.1-1+deb12u1_armhf.deb 766db04f2edd33bb9f2cd2ed2342c2fae2e539813cb05dbae806f91c54bd6043 772124 liblasso3_2.8.1-1+deb12u1_armhf.deb 5f8747af60531d61c586f85af912ed782e12af4edc173f0aa3aef4277e482d72 335984 python3-lasso-dbgsym_2.8.1-1+deb12u1_armhf.deb eddc5f30a9d8a543dde6206bcf7327321e9ff046a81c300d19988e36ccf7cda2 727332 python3-lasso_2.8.1-1+deb12u1_armhf.deb Files: a7e0626487e4347cda296933643d1030 10935 libs optional lasso_2.8.1-1+deb12u1_armhf-buildd.buildinfo 14a0b1f77623cda4064a710ccad7ae60 177572 debug optional liblasso-perl-dbgsym_2.8.1-1+deb12u1_armhf.deb 030e5b16c4fb6ba1c57f110e980f37db 760700 perl optional liblasso-perl_2.8.1-1+deb12u1_armhf.deb 42023cf5f7ea627f25b1a42c5c551679 776016 debug optional liblasso3-dbgsym_2.8.1-1+deb12u1_armhf.deb 041cb8dac77e1c54b5b00e1a1c9ade78 850868 libdevel optional liblasso3-dev_2.8.1-1+deb12u1_armhf.deb ba2ad28aef3bdd0ddc12e6d55b774bc2 772124 libs optional liblasso3_2.8.1-1+deb12u1_armhf.deb ff18d73e878abf87f063c273eb7d9e9b 335984 debug optional python3-lasso-dbgsym_2.8.1-1+deb12u1_armhf.deb 5b33532eab5ba20f1119f225cc694cbc 727332 python optional python3-lasso_2.8.1-1+deb12u1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEbIns2iWsAAdAqh2MS/ZIXkV8oLAFAmkSTyAACgkQS/ZIXkV8 oLBpHA/+PRdD+RDdbnjSejBGJEZI3HQBC750qMmYeduiYsgbIs1Ha0gLzKDvAzX5 8i+0swKT5k+soY3JtUSlen6mIB6KdkhYifo7WcqcR/+Vvk/PPGAXVAe6xM2fDjV8 9PL6SoYVOC27qlktg0Ha4I5DteLjKW+9bRiNO721xKYXB5wrHth2y/L+8yPyFqpP b+RrX3YZSvJy1hPM2seRgEE54rft9CI3c9+9WZ+bIb25ajrbGItSkvXPMFhaOAxc wQ81Qw3HjKVTUYOj46vUv85RBTy4EStlIBvG8L/B+z3xfTeI10JAFr7x4g5RY4bD Fj4/kzWkx/j5v5dFt70SjkTclkbHTw7af8Q6WoDO5noK0cOKiSEWZRYrMIdtO01a M2QrKUC0eWPWWuQFONqArEAsYU2HuGGfpb+BWytP+kccqgfdLprBRPK5CH8ngf5z nvoHjJtnjElb77Vzq+hjHvz1/1jMjr2gnEcCbeQeyEOQTeA23cCrRDukOwOkak9k K54BAtF7iKzFe0+vwrH0wlZ0AoesyrMLls/QT5uLkg0foYgeWyqppodCltMFAFbN MIv6sR6SkPRkyUoSYTBHeQt6mBDEjTqMOro9Q4tthEcObE0um/pNiink/IjX3pp3 uAq7YfhaH2xzADFL1wVykNCVaR+iUfR+6YDtg/sGGuD07bCSL24= =sPvr -----END PGP SIGNATURE-----