Register | Log in

lasso

Choose email to subscribe with

general

source: lasso (main)
version: 2.9.0-3
maintainer: Frederic Peters (DMD) (LowNMU)
arch: any
std-ver: 4.7.2
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.6.1-3
oldstable: 2.8.1-1
old-sec: 2.8.1-1+deb12u1
old-p-u: 2.8.1-1+deb12u1
stable: 2.8.2-9
stable-sec: 2.8.2-9+deb13u1
stable-p-u: 2.8.2-9+deb13u1
testing: 2.9.0-3
unstable: 2.9.0-3

versioned links

2.6.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8.1-1+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8.2-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8.2-9+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.9.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

liblasso-perl
liblasso3-dev
liblasso3t64
python3-lasso

action needed

4 security issues in bullseye high

There are 4 open security issues in bullseye.

4 important issues:

CVE-2025-46404: A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
CVE-2025-46705: A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
CVE-2025-46784: A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
CVE-2025-47151: A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

Created: 2025-11-06 Last update: 2025-11-15 21:00

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2025-11-18 Last update: 2025-11-22 13:31

news

[2025-11-19] Accepted lasso 2.8.1-1+deb12u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-11-19] Accepted lasso 2.8.2-9+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-11-15] Accepted lasso 2.8.1-1+deb12u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-11-15] Accepted lasso 2.8.2-9+deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2025-08-25] lasso 2.9.0-3 MIGRATED to testing (Debian testing watch)
[2025-08-23] Accepted lasso 2.9.0-3 (source) into unstable (Frederic Peters)
[2025-08-23] lasso 2.9.0-2 MIGRATED to testing (Debian testing watch)
[2025-08-15] Accepted lasso 2.9.0-2 (source) into unstable (Frederic Peters)
[2025-08-15] Accepted lasso 2.9.0-1 (source) into unstable (Frederic Peters)
[2025-04-15] lasso 2.8.2-9 MIGRATED to testing (Debian testing watch)
[2025-04-12] Accepted lasso 2.8.2-9 (source) into unstable (Frederic Peters)
[2025-02-20] lasso 2.8.2-8 MIGRATED to testing (Debian testing watch)
[2025-02-17] Accepted lasso 2.8.2-8 (source) into unstable (Frederic Peters)
[2025-01-11] lasso 2.8.2-7 MIGRATED to testing (Debian testing watch)
[2025-01-09] Accepted lasso 2.8.2-7 (source) into unstable (Frederic Peters)
[2024-12-10] lasso 2.8.2-6 MIGRATED to testing (Debian testing watch)
[2024-12-07] Accepted lasso 2.8.2-6 (source) into unstable (Frederic Peters)
[2024-09-08] lasso 2.8.2-5 MIGRATED to testing (Debian testing watch)
[2024-09-05] Accepted lasso 2.8.2-5 (source) into unstable (Frederic Peters)
[2024-08-31] lasso 2.8.2-4 MIGRATED to testing (Debian testing watch)
[2024-08-29] Accepted lasso 2.8.2-4 (source) into unstable (Frederic Peters)
[2024-07-07] lasso 2.8.2-3 MIGRATED to testing (Debian testing watch)
[2024-07-05] Accepted lasso 2.8.2-3 (source) into unstable (Frederic Peters)
[2024-05-03] lasso 2.8.2-2 MIGRATED to testing (Debian testing watch)
[2024-03-02] Accepted lasso 2.8.2-2 (source) into unstable (Frederic Peters)
[2024-02-28] Accepted lasso 2.8.2-1.1 (source) into unstable (Lukas Märdian)
[2024-02-01] Accepted lasso 2.8.2-1.1~exp1 (source) into experimental (Graham Inggs)
[2024-01-01] lasso 2.8.2-1 MIGRATED to testing (Debian testing watch)
[2023-12-30] Accepted lasso 2.8.2-1 (source amd64) into unstable (Frederic Peters)
[2023-12-30] Accepted lasso 2.8.1-4 (source) into unstable (Frederic Peters)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.9.0-3
1 bug

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing