-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 07 Nov 2025 21:51:12 +0100 Source: lasso Binary: liblasso-perl liblasso-perl-dbgsym liblasso3 liblasso3-dbgsym liblasso3-dev python3-lasso python3-lasso-dbgsym Architecture: ppc64el Version: 2.8.1-1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-conova-01) Changed-By: Salvatore Bonaccorso Description: liblasso-perl - Library for Liberty Alliance and SAML protocols - Perl bindings liblasso3 - Library for Liberty Alliance and SAML protocols - runtime library liblasso3-dev - Library for Liberty Alliance and SAML protocols - development kit python3-lasso - Library for Liberty Alliance and SAML protocols - Python bindings Changes: lasso (2.8.1-1+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * tests: test that inserted comment do not change node value and still validate signature * xml: prevent assignment of attribute value inside any attribute (CVE-2025-47151) * misc: check xmlSecGetNodeNsHref for possible NULL result (CVE-2025-46404) * xml: do not terminate on an unknown XML node type (CVE-2025-46705) Checksums-Sha1: 1f4775e184a811e9722286ee536e47de8bdf8256 11118 lasso_2.8.1-1+deb12u1_ppc64el-buildd.buildinfo 5b83fbc5efb6705a797fb1a11a3d21b626be7b82 168592 liblasso-perl-dbgsym_2.8.1-1+deb12u1_ppc64el.deb ac6a93e599a57e9b80abe983f76f0b5446654b07 742304 liblasso-perl_2.8.1-1+deb12u1_ppc64el.deb 71eb6214437dc2bab9555088cc031705a0254e2a 810836 liblasso3-dbgsym_2.8.1-1+deb12u1_ppc64el.deb 2596c73bc8f8e6cf93ff6275030492e5646550a9 892324 liblasso3-dev_2.8.1-1+deb12u1_ppc64el.deb 84c7393ea5cdb2e22244ad7c14ad6e7e9502ac3a 805864 liblasso3_2.8.1-1+deb12u1_ppc64el.deb 438ae6a358da9bd4660ece0b268d1f6f2f1a22ae 350408 python3-lasso-dbgsym_2.8.1-1+deb12u1_ppc64el.deb 64f91f198dd28b8e0b2f25cdf6863f99f94e10ce 738536 python3-lasso_2.8.1-1+deb12u1_ppc64el.deb Checksums-Sha256: 627257a2a22211736a8fd8904f30091d462f803a6e0b4a0f5320c0bc26d89544 11118 lasso_2.8.1-1+deb12u1_ppc64el-buildd.buildinfo 7b76a1aa6f4329999e260d5be3d4af75cf171372919b49cf41210955bb804e06 168592 liblasso-perl-dbgsym_2.8.1-1+deb12u1_ppc64el.deb 5ea8f8eff2396672fb4933b1f42bd5843cc43770175c6aefde71dea57acb9041 742304 liblasso-perl_2.8.1-1+deb12u1_ppc64el.deb 4a98c12aa9d3c317c1cdea158c6a5d37000935d3a3bde9bc7594c8b5bc18dff8 810836 liblasso3-dbgsym_2.8.1-1+deb12u1_ppc64el.deb a59f4ff1bfd990b3bcb24cf66166d1f6a64fe0385b77517f70cb96ee887e09a7 892324 liblasso3-dev_2.8.1-1+deb12u1_ppc64el.deb 1b027c04e5bec7d6632b7218eaed501a7cd77d067a346c2f0c8211910931a5a1 805864 liblasso3_2.8.1-1+deb12u1_ppc64el.deb 2854a9e93828199b466e52f4d56b24ba2ce8470e5a9e9ed66aeef21d6f90bfaf 350408 python3-lasso-dbgsym_2.8.1-1+deb12u1_ppc64el.deb b07240803a5fb8f79b4a3bc6c49ebd07cee405c4c2f869bea91ab6a7c2a03cbe 738536 python3-lasso_2.8.1-1+deb12u1_ppc64el.deb Files: 8c39143c39513e89527efce6e415d104 11118 libs optional lasso_2.8.1-1+deb12u1_ppc64el-buildd.buildinfo 1a93e01183d850e355d16f35cea40bf5 168592 debug optional liblasso-perl-dbgsym_2.8.1-1+deb12u1_ppc64el.deb 6591e134661a47b1f4af7c581cafc5bb 742304 perl optional liblasso-perl_2.8.1-1+deb12u1_ppc64el.deb 9b6373687a31dc3e774a9283894ca428 810836 debug optional liblasso3-dbgsym_2.8.1-1+deb12u1_ppc64el.deb 3f7e2ecbfd64fd731fdc9852fad2a87d 892324 libdevel optional liblasso3-dev_2.8.1-1+deb12u1_ppc64el.deb 0bd06f45729be5a15e07049d00384524 805864 libs optional liblasso3_2.8.1-1+deb12u1_ppc64el.deb 9366e065e969ed7ee5a7e90196ed9375 350408 debug optional python3-lasso-dbgsym_2.8.1-1+deb12u1_ppc64el.deb 27d093396bb4a9298959025b61cf0757 738536 python optional python3-lasso_2.8.1-1+deb12u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEvNkWZvjZkiWgJGRETMSrGPLkYxUFAmkSTyEACgkQTMSrGPLk YxWsehAArXlvoVV/W71FeqI8oaXKjgIDMnTJm0zuDF4ulIOHenErIDKXLUN4nZGM e0byLbWs1aXrptJt1RzZLQzVugBqtJR5aJDPnlna3962YJeEHdCQod5vRy7Q8eEs 9BJS6D3p2KwhATmA9yBNJ6IX8dOAWlkqkTJZrjEWFOSlkA4tqlioCqD0S15WIznm eqhAD7NQwpZUSqXWRydgPkoHH7AfLK5EAd8LWc4JcCbAjRK3juD/OnuzzspekrCD 8pPZSPNPnqUwLAkXH5/1aFQHfHOXzwWaAX0HivFrCJjqK16byofatosSV+faqx58 jSt5A+7KF0jeQ1NPcKrMfLh8+ciKafMjsPYFmBtWYqahguVE0gwSoztPrWhH7tDN UMnYpV0FlyGUJrRYa229XU51la34feweztqwwFaJ9S/i3mbIonNFYRDpFueiOm5G nvA5rccWbu1lwXI5rOw2c/VygTIC4AaYhIqp0XUkEhWZgZR/wxUUSsSxuwvZfime u4HFmr4zmmfIVdQey00CCALtCylTy97rOlxO4EUEA49t1Ef1YomQwYb2+jnCO2ey X1NMeH5LDgS7upUTK3VwFAwC8jY88OvoJn3m/ajFg0B/Odng9+yJkRtle1qPYi6r 5tzrDCSgSJCh2iR3IhOkPaV1fhIlEom64ktxygeqvIZdX4rHLwA= =r2Vu -----END PGP SIGNATURE-----