[ubuntu/noble-updates] lasso 2.8.2-2ubuntu0.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Nov 18 17:28:26 UTC 2025
lasso (2.8.2-2ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: DoS in lasso_provider_verify_saml_signature
- debian/patches/CVE-2025-46404.patch: check xmlSecGetNodeNsHref for
possible NULL result in lasso/id-ff/provider.c.
- CVE-2025-46404
* SECURITY UPDATE: DoS in g_assert_not_reached
- debian/patches/CVE-2025-46705-pre1.patch: test that inserted comment
do not change node value in bindings/python/tests/profiles_tests.py,
lasso/xml/xml.c.
- debian/patches/CVE-2025-46705.patch: do not terminate on an unknown
XML node type in lasso/xml/xml.c.
- CVE-2025-46705
* SECURITY UPDATE: type confusion issue in lasso_node_impl_init_from_xml
- debian/patches/CVE-2025-47151.patch: prevent assignment of attribute
value inside any attribute in lasso/xml/misc_text_node.c,
lasso/xml/saml-2.0/saml2_attribute_value.c, lasso/xml/xml.c.
- CVE-2025-47151
Date: 2025-11-17 14:55:12.172194+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/lasso/2.8.2-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list