[ubuntu/plucky-security] lasso 2.8.2-8ubuntu0.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Nov 18 14:51:19 UTC 2025
lasso (2.8.2-8ubuntu0.1) plucky-security; urgency=medium
* SECURITY UPDATE: DoS in lasso_provider_verify_saml_signature
- debian/patches/CVE-2025-46404.patch: check xmlSecGetNodeNsHref for
possible NULL result in lasso/id-ff/provider.c.
- CVE-2025-46404
* SECURITY UPDATE: DoS in g_assert_not_reached
- debian/patches/CVE-2025-46705-pre1.patch: test that inserted comment
do not change node value in bindings/python/tests/profiles_tests.py,
lasso/xml/xml.c.
- debian/patches/CVE-2025-46705.patch: do not terminate on an unknown
XML node type in lasso/xml/xml.c.
- CVE-2025-46705
* SECURITY UPDATE: type confusion issue in lasso_node_impl_init_from_xml
- debian/patches/CVE-2025-47151.patch: prevent assignment of attribute
value inside any attribute in lasso/xml/misc_text_node.c,
lasso/xml/saml-2.0/saml2_attribute_value.c, lasso/xml/xml.c.
- CVE-2025-47151
Date: 2025-11-17 14:10:12.981328+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/lasso/2.8.2-8ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the plucky-changes
mailing list