-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6058-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 15, 2025 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : lasso CVE ID : CVE-2025-46404 CVE-2025-46705 CVE-2025-47151 Keane O'Kelley discovered several vulnerabilities in lasso, a library implementing Liberty Alliance and SAML protocols, which could result in denial of service or the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed in version 2.8.1-1+deb12u1. For the stable distribution (trixie), these problems have been fixed in version 2.8.2-9+deb13u1. We recommend that you upgrade your lasso packages. For the detailed security status of lasso please refer to its security tracker page at: https://security-tracker.debian.org/tracker/lasso Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmkY2NxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R3ig//bjZORbTs9wSNMtR/W5exs8Frv4PC9RBNeEugybA+bqf+OqShdR8PcXo8 Om2F01jC3Vi9hgSrU2FJZghDrLMJSNiCLLKXjHtW90TdklAXkBSRAcG5okb/W+QT 3glW5jhp9R/nv60wlP18nzOYKFVewQriJiDISN1bXbFy00bfFAIwX8ERMKxziqd3 6LsJtATtxicdUiSSvQhHXLXcC4kFVg/FOvErFmsQOgYhf/T2glp/k1oVdHkSczKP 5mZDSSAnelzF/tRduNRy6HuZnXMqkUFx8Lslpxnbxp0bpqX7hqPXRKhWKKcoUPip GzubSVqt6YA4v4oTEZEYkWiol48jR64QPZnYaXb7dbnsZO7w0vHEnp4LOHeFO2Ge nNTDT3bh74Qqiz+dCiVMKW8zZ0Xq3HYup5UzuE5ZeQmfP3QcA/Tj3fnxV1/i3NJM UazrJDZpJ4dwYBM1DLbb3l/uJ6kJGT5nxdj0hVtF+GVwIgMa+qu7Gi1BO/ZqvD5W ZwArn1dAHDOTHd8sd+Tzpxw6mkufqYpylHHKkIueQKXAJ7UCu5sbUF2foU6f+pRz zZnLLfc0gieHyXmNgn3TSEwgugWpCJjxWbPskw9wcay8hyIhJ6CfA6feceUUP/hw eAXHKVYtHiQrJZVAdAy5vz9JvXmMn6BI8L3OkP+1kVcaOAgsOyY= =dlwI -----END PGP SIGNATURE-----
