-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 07 Nov 2025 21:51:12 +0100 Source: lasso Binary: liblasso-perl liblasso-perl-dbgsym liblasso3 liblasso3-dbgsym liblasso3-dev python3-lasso python3-lasso-dbgsym Architecture: i386 Version: 2.8.1-1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Salvatore Bonaccorso Description: liblasso-perl - Library for Liberty Alliance and SAML protocols - Perl bindings liblasso3 - Library for Liberty Alliance and SAML protocols - runtime library liblasso3-dev - Library for Liberty Alliance and SAML protocols - development kit python3-lasso - Library for Liberty Alliance and SAML protocols - Python bindings Changes: lasso (2.8.1-1+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * tests: test that inserted comment do not change node value and still validate signature * xml: prevent assignment of attribute value inside any attribute (CVE-2025-47151) * misc: check xmlSecGetNodeNsHref for possible NULL result (CVE-2025-46404) * xml: do not terminate on an unknown XML node type (CVE-2025-46705) Checksums-Sha1: fbb30ea3907b98c46d75567c515982e10f415686 11017 lasso_2.8.1-1+deb12u1_i386-buildd.buildinfo d8f4f353c75eb3efd583a918767dc179d7879de2 166172 liblasso-perl-dbgsym_2.8.1-1+deb12u1_i386.deb d8bf52c0d2461d07c1df0ca316606fab9f2ac00b 747340 liblasso-perl_2.8.1-1+deb12u1_i386.deb cdb64830764eaa8d1c7a9df809b78c2ba71edc32 699588 liblasso3-dbgsym_2.8.1-1+deb12u1_i386.deb 0824bce41231c5a9edd7c8e244dbfc78613614e2 888264 liblasso3-dev_2.8.1-1+deb12u1_i386.deb 375d491fa0c332276bb05c9acb4b478404595560 808036 liblasso3_2.8.1-1+deb12u1_i386.deb 7a934e6efed5794ce773cc53e272f3010d0af38e 271448 python3-lasso-dbgsym_2.8.1-1+deb12u1_i386.deb 9f25aa114a3b43c4bbdcb13e09dfa78347ce7976 733580 python3-lasso_2.8.1-1+deb12u1_i386.deb Checksums-Sha256: 368f3bd8466b878e3c151acea5d3b183bf0f0b1c9bbd602162e89b5222db826a 11017 lasso_2.8.1-1+deb12u1_i386-buildd.buildinfo 6ed3578a39a1eff797c80bbbec74a4bfe95022e662cd74eb6437fb9f4be20479 166172 liblasso-perl-dbgsym_2.8.1-1+deb12u1_i386.deb c0696cb327170b9810e93aabaf68e143e619ace0c3ea3643654f9ead76285ba6 747340 liblasso-perl_2.8.1-1+deb12u1_i386.deb 244deca5e9bf99b6d56778014dce39e7affc6c7ac801f0b6cf37f48c054daf5b 699588 liblasso3-dbgsym_2.8.1-1+deb12u1_i386.deb 8843679dd83b2d51370c00cc4571c6bb332a96166bc5a1c1727e04038d287d91 888264 liblasso3-dev_2.8.1-1+deb12u1_i386.deb e3df8327e0225ca908e028571c9e326321ec9d8e159ff045bbd5f22436a1df6d 808036 liblasso3_2.8.1-1+deb12u1_i386.deb 21fc56f9634a2858bd0e33194bb5f6e615a7901d01b0ee4807b85b66cb4bf5b5 271448 python3-lasso-dbgsym_2.8.1-1+deb12u1_i386.deb b2663acd9fb633c1d7a38295cfab32f0b6fa308984d82e5631cb22b41d35dcfc 733580 python3-lasso_2.8.1-1+deb12u1_i386.deb Files: cecc44786d8b21043665c9ba74f4d1bc 11017 libs optional lasso_2.8.1-1+deb12u1_i386-buildd.buildinfo 608805fd563d473730986b3ff70e0b25 166172 debug optional liblasso-perl-dbgsym_2.8.1-1+deb12u1_i386.deb 57c20b16ae7365641707544fea7197ba 747340 perl optional liblasso-perl_2.8.1-1+deb12u1_i386.deb f933b93814b907cfa235f680dcbecb79 699588 debug optional liblasso3-dbgsym_2.8.1-1+deb12u1_i386.deb 8bbd542d27b0e7c35ea440a41c80d507 888264 libdevel optional liblasso3-dev_2.8.1-1+deb12u1_i386.deb 985f3c1e2dc149da31a47ce30fe8fd48 808036 libs optional liblasso3_2.8.1-1+deb12u1_i386.deb 01fc984b73f69ebcd828da6cc67c229c 271448 debug optional python3-lasso-dbgsym_2.8.1-1+deb12u1_i386.deb ae0c07535d0674237cd2c89045fc7472 733580 python optional python3-lasso_2.8.1-1+deb12u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEv2qEY4xQXyY/2dWIvGw9w6VrLCcFAmkST0EACgkQvGw9w6Vr LCfGrg//dqKBlkH3hMRYq9xTwT3e/YguhO0BHk47Gh9XNM2OiCQEjuYA/x218n2+ y4CYrW0eI5o+vx+xoEDw6gnLT8t+yS8L0zaC4GXGXVpCsn0Vxpfuqj9wimzdJuCC S3FhAXtxIIVsXxRdSnfTcRXEyvLSu3BE8XuGZsHfTibbJ2FQQHZ0CckAr8NtQ2Ry t4gf/cy7aOdU2hmR0AxrVt6y2Wpprl/7nx8wha/w5kaT5Vj1dqN+TbDt/fs0ZhPK PvUjUHQqukSK/v4yWYiX8bTM7pnroXWrNP19Dv0u2R9T1PWsIcjr95u9oRRXJHFJ OYzPI6Jfu9rpdrBdqaeaB/W8m8RvG0unp+TfYlDRdxf9JNdnf4Tsnfg1Vc95jeN8 FQGTpQQCuCP5CIc6FqL6YbzTtN8lyMth1u+SroySVTl0euR1Wc3onVHcLzn5CqgD Rlt1Boy/jjfULlPPtLULW2MF7Rm5wL6pRy8XJbmaT5jt+m/bvlqYPiyQmffqzuEo xOt/nXJiZ4PdH5WPT01Wd3U00mTPdz1cPVhFBhRzPot0yLGUXoCCsiI0dsZsgWX/ NNXACUnNa0atFRZxUiSFG1wIz05dwZh4gtweHg8vZ7+tExnlGtSToTvu3hQbxWcr /UbHtVc8JN0ekMxwzxiZ0ruFJ8DqUapxAB/+ydeua8lObkAzdFg= =Mxa2 -----END PGP SIGNATURE-----