-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 06 Dec 2025 14:23:17 +0100
Source: lasso
Architecture: source
Version: 2.6.1-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Frederic Peters <[email protected]>
Changed-By: Sylvain Beucler <[email protected]>
Changes:
 lasso (2.6.1-3+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2025-46404: A denial of service vulnerability exists in the
     lasso_provider_verify_saml_signature functionality. A specially
     crafted SAML response can lead to a denial of service.
   * CVE-2025-46705: A denial of service vulnerability exists in the
     g_assert_not_reached functionality. A specially crafted SAML assertion
     response can lead to a denial of service.
   * CVE-2025-46784: A denial of service vulnerability exists in the
     lasso_node_init_from_message_with_format functionality. A specially
     crafted SAML response can lead to a memory depletion, resulting in
     denial of service.
   * CVE-2025-47151: A type confusion vulnerability exists in the
     lasso_node_impl_init_from_xml functionality. A specially crafted SAML
     response can lead to an arbitrary code execution. (RCE)
   * Run full test suite on build.
   * Setup Salsa CI.
   * Setup git-buildpackage.
   * Import autopkgtest configuration from sid.
   * Fix lasso_log@Base symbol version.
   * Fix Standards-Version 4.4 -> 4.4.0 to avoid a Lintian hard error.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
