-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 07 Nov 2025 21:51:12 +0100
Source: lasso
Architecture: source
Version: 2.8.1-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Frederic Peters <fpeters@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
 lasso (2.8.1-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * tests: test that inserted comment do not change node value and still
     validate signature
   * xml: prevent assignment of attribute value inside any attribute
     (CVE-2025-47151)
   * misc: check xmlSecGetNodeNsHref for possible NULL result (CVE-2025-46404)
   * xml: do not terminate on an unknown XML node type (CVE-2025-46705)
Checksums-Sha1:
 3cef2b4846bf409f9147d070252628514ef79e1c 2281 lasso_2.8.1-1+deb12u1.dsc
 d6c130ff3947046a1eef10c1f275e0ffc9122322 4022868 lasso_2.8.1.orig.tar.gz
 b3c1772d35f4ab008a746c7895b8134b5a908bfb 14836 lasso_2.8.1-1+deb12u1.debian.tar.xz
 9f944df5bf54247742b6ad7f4208ca4e5b7ddbd0 6645 lasso_2.8.1-1+deb12u1_source.buildinfo
Checksums-Sha256:
 a3f8fc9d8ff8db60629a8520822713269ee8c84b847abf871284cf9f1242af85 2281 lasso_2.8.1-1+deb12u1.dsc
 b7d0c98f6c6614faeeb292a18f2d836c0bc378d59a5d7481e810bb6c69ec9ddf 4022868 lasso_2.8.1.orig.tar.gz
 415dcbaf3ef6d0212a4cc0ec26c4d57c0679f46b91c6e7c416d49aaafcc21b7f 14836 lasso_2.8.1-1+deb12u1.debian.tar.xz
 0b8d595cd7a66b3a9250e6f46330cf36cddf1dc1a680f084aa8e28c9c4d9c57b 6645 lasso_2.8.1-1+deb12u1_source.buildinfo
Files:
 66c97c2c5bfca3785597b2dbccaf84a6 2281 libs optional lasso_2.8.1-1+deb12u1.dsc
 ecc5c663753477f52bdc27e14588e571 4022868 libs optional lasso_2.8.1.orig.tar.gz
 123abd1731363d332c76aa87225a1e14 14836 libs optional lasso_2.8.1-1+deb12u1.debian.tar.xz
 6af9f1620d3ea4b81c4737cafd5281d4 6645 libs optional lasso_2.8.1-1+deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmkSRtJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E/1EQAKLV9niSmMukkWiujfp7zyJVKMz9nnV4
nGVY+384/LRBp5xPVGpdOJjiilwd2FrjR30Re9wkYncZFZjadthH8skJQ6ZYYSO/
1rY4rELMUxLtOK1tp4J089w2gyOWjvOuG+XCQtzTkejMkO64hTzn/6HH2soAIAue
ievv8bnVIouRwiQ1LdKlOJMKMN/AWN1VRzZE3um/K9M4wBI+cdTguekepNEEQOwn
owGSiv2Vx+ilnz57G6qbYNYlXL4SabyA3DpdH0uiKwTckKVi83zDiUTnsv4KM4hH
6rK7uAyYma27EW/moBrWDswYzF5KSa/0JN9cyGqX0SbM3GgQyCHNs9qHb1BpNAzl
1uMVApv6KK/XGDgUdacDDzd/XPtTEMSrE6Yxy3yq8jW7WXupbjGfgw7KFDgzIfrR
2NP7mZRrhk19CwRWghx6RrKiMhOKTYacVbKCZXfIOyJKS4mUtD2mie4YcgQtSxy2
lUOZlM1ffbg/VzotlDZgbklItob+wbKUDkUFtvhx0ZsCDK3fZr2jfMBcuQXVhztH
p3whsZneS7308227AzFdj72hCKrrAENJ0RE6xGhDuypXkUg+1LXg47PKKX82QeCF
tezny3SSUpetL6tnQHAH0cIEnhVkAwj6E6xbGArfzoeDq3y8I2DYuUcSUwMpqSPD
8nn6jHZ5hOp9
=3jsR
-----END PGP SIGNATURE-----