-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4397-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler December 08, 2025 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : lasso Version : 2.6.1-3+deb11u1 CVE ID : CVE-2025-46404 CVE-2025-46705 CVE-2025-46784 CVE-2025-47151 Keane O'Kelley discovered several vulnerabilities in lasso, a library implementing Liberty Alliance and SAML protocols, which could result in denial of service or the execution of arbitrary code. For Debian 11 bullseye, these problems have been fixed in version 2.6.1-3+deb11u1. We recommend that you upgrade your lasso packages. For the detailed security status of lasso please refer to its security tracker page at: https://security-tracker.debian.org/tracker/lasso Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmk2rQQACgkQDTl9HeUl XjDmig/7Bv+SE+Eh+fTFlPnWPThifIiNuABSSYVRWVZtMhXhVearGOZ5t4fGw6sp N4SkkWPSG0Wvi6up2GS6UBPt0vmymP750TTD1eCrS/B6Kbawwag6QtZfIyHKgNyi 2FGRYqP93jMvyXp3sgFJqbRaHUTB6nNjiYe+/yLy2oB3zt44cl3Y6QWMbxRe/iRa nMSlSDY3fKfcU/dtQbx/D2Z2XSnI9wnDT6kE+AdgLQKFX88l2DCVm4beoQvFT9md SgGUaeF1Zb7D7PICRx6aqTu2dD5Cv9fFk0kSUWt5bGJ0BqDqfCNGzWKWw4Kg+ZSk TC95G7r3O+OTPbbZCWqxqFylKtKnBN7D0ApmH3lnZ62+qsk6YJJzvUMAFC0aaDUc LASG2ytk2ZqSogDF7+WYKf/IvIna2QyW8iy+FvwTiwdx9IT6WkcQDmlMcO/JARxc uPwMtxdUueRJfrpq75WFXrzvnCQYHHAAl/Url8WgUbzmpDEp8J7MAanZ1KkGvymS HGk0BD7+zKaUAcTR9Hlti2GxTVNyt+cRsVX6V43OygQp6ruqq5W0GTwMxD63UONH c/dHE+FRLuORnGYQFUM8qQp3/KTALaKOb2c4YKn3lbEMEQfqH9WmyhWLdEfalHis +kwS/j+wo38a8+v39950/QvujqeMT8hbS6WO44oBdu6yZfv5YmA= =xMow -----END PGP SIGNATURE-----
