Format: 1.8
Date: Sat, 06 Dec 2025 14:23:17 +0100
Source: lasso
Architecture: source
Version: 2.6.1-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Frederic Peters <fpeters@debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Changes:
 lasso (2.6.1-3+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2025-46404: A denial of service vulnerability exists in the
     lasso_provider_verify_saml_signature functionality. A specially
     crafted SAML response can lead to a denial of service.
   * CVE-2025-46705: A denial of service vulnerability exists in the
     g_assert_not_reached functionality. A specially crafted SAML
     assertion response can lead to a denial of service.
   * CVE-2025-46784: A denial of service vulnerability exists in the
     lasso_node_init_from_message_with_format functionality. A specially
     crafted SAML response can lead to a memory depletion, resulting in
     denial of service.
   * CVE-2025-47151: A type confusion vulnerability exists in the
     lasso_node_impl_init_from_xml functionality. A specially crafted
     SAML response can lead to an arbitrary code execution. (RCE)
   * Run full test suite on build.
   * Setup Salsa CI.
   * Setup git-buildpackage.
   * Import autopkgtest configuration from sid.
   * Fix lasso_log@Base symbol version.
   * Fix Standards-Version 4.4 -> 4.4.0 to avoid a Lintian hard error.