Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted ruby-saml 1.11.0-1+deb11u2 (source) into oldstable-security
Date: Fri, 04 Apr 2025 23:00:19 +0000
Signed by: Daniel Leidert <dleidert@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 05 Apr 2025 00:37:32 +0200
Source: ruby-saml
Architecture: source
Version: 1.11.0-1+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Closes: 1100441
Changes:
 ruby-saml (1.11.0-1+deb11u2) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Team.
   * d/patches/CVE-2025-25291-and-CVE-2025-25292.patch. Add patch to fix
     CVE-2025-25291 and CVE-2025-25292 (closes: #1100441).
     - Fix an authentication bypass vulnerability.
   * d/patches/CVE-2025-25293-1.patch, d/patches/CVE-2025-25293-2.patch: Add
     patches to fix CVE-2025-25293.
     - Minimize a Zlib deflate decompression bomb.
     - Fix a remote Denial of Service (DoS) caused by compressed SAML
       responses.
Checksums-Sha1:
 55b33832193d49ac90f7fc7aac3163bcf7e90bbf 2114 ruby-saml_1.11.0-1+deb11u2.dsc
 c6226ccc9e9985450e409269d609ce8379ce1fe3 14896 ruby-saml_1.11.0-1+deb11u2.debian.tar.xz
 f3d7baefd594aebf923a837aa45f748c0b9e5c1c 9899 ruby-saml_1.11.0-1+deb11u2_amd64.buildinfo
Checksums-Sha256:
 fa47a88085771279a2ed0a3a22e1e0845c2230d0681ba1944330169d72583846 2114 ruby-saml_1.11.0-1+deb11u2.dsc
 8cef2d99538a4c9d7e2c415aaeae5c47609126f5becd6c457aa3f8b56c22a92f 14896 ruby-saml_1.11.0-1+deb11u2.debian.tar.xz
 5bf8817da8b3fee2659c907041d903986ed3d12650773e520f2f73011165d5ab 9899 ruby-saml_1.11.0-1+deb11u2_amd64.buildinfo
Files:
 8d6cb6d2446516e6a497d31021f1ef15 2114 ruby optional ruby-saml_1.11.0-1+deb11u2.dsc
 0f68aaac27077aa6be8d95bc650086b5 14896 ruby optional ruby-saml_1.11.0-1+deb11u2.debian.tar.xz
 9ec2fe10c788431d72622e161969c9a0 9899 ruby optional ruby-saml_1.11.0-1+deb11u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmfwYT8ACgkQS80FZ8KW
0F31DhAAuudi34MCZdqHn+Wrdhwj0hONTHWhkz+n+6yQ7x555CmRTBeV0+WjmXUL
roAXJB7VdVdvwT70uhqUpwXFXIjxQSsFuQ+3cpJXDXPGq5jl9C7zNZkmAYOPKiw1
u85ig1onRpaKNkNcRnCYTrM707DYmMoaunQijUsv2oYlzE5jmq97Dn54iIDTbwac
9J1FtkkGLDj9n9ZxVH24D6HYQ0VQIogloWH6l8H0OaU3APOotW+rwj3NDSx4u63z
fiiqCF3y+ct6W4uOjjKfIax8yxV65B52ychFF7X8CmQLg8UK96M1TFikZNcB50zw
a8DS1mlL1/k4UKerizgsBKh18lnwsc/4xsRzoI8bIDf36Rf79P8X2qa0GdRRYW7t
FVeac5whWt/BoheK+b4GW9q9wcdUqg3CrI42MqpRLgjgiPvId0zwRAh9/dRGfTsk
aPeULLFCeELnw9m6q22VyaqLMT7F/c6hgIXqpECI96gmvAEHvJWcE9eNBa6h1qg6
65HD1OSdQ7c8/fmit/43ZQFYXAji0bCw0NJhXkc8wSL1m3yAE97dYiZgXfaanB9v
P2xM7OU3rUAPWmtUIUAo8vzASsARtvw8wCzTgisHoxdpYALUyS30f7oG4rXmLElp
GOSmP/KtRUmexcSvBskk0XKduKBblTwY8nR5uThGWLRDE9QvAwQ=
=W5I2
-----END PGP SIGNATURE-----

News for package ruby-saml