From b0b8993d2e13ed24671c2b4e886700c4bfce3aa2 Mon Sep 17 00:00:00 2001
From: Paragon Initiative Enterprises <security@paragonie.com>
Date: Tue, 30 Dec 2025 13:29:18 -0500
Subject: [PATCH 1/2] Add sodium_compat < 1.25, 2.5

---
 paragonie/sodium_compat/2025-12-30.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 paragonie/sodium_compat/2025-12-30.yaml

diff --git a/paragonie/sodium_compat/2025-12-30.yaml b/paragonie/sodium_compat/2025-12-30.yaml
new file mode 100644
index 000000000..70812459b
--- /dev/null
+++ b/paragonie/sodium_compat/2025-12-30.yaml
@@ -0,0 +1,11 @@
+title:     Missing check that a point is on the prime subgroup for Edwards25519
+link:      https://00f.net/2025/12/30/libsodium-vulnerability
+cve:       ~
+branches:
+    master:
+        time:     2025-12-30 00:00:00
+        versions: ['>=2', '<2.5.0']
+    1.x:
+        time:     2025-12-30 00:00:00
+        versions: ['<1.25.0']
+reference: composer://paragonie/sodium_compat

From 5b0e2f7ecdba7102b4bc447ca3f27fb32b1f5315 Mon Sep 17 00:00:00 2001
From: Paragon Initiative Enterprises <security@paragonie.com>
Date: Tue, 30 Dec 2025 13:32:51 -0500
Subject: [PATCH 2/2] Fix version number

---
 paragonie/sodium_compat/2025-12-30.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/paragonie/sodium_compat/2025-12-30.yaml b/paragonie/sodium_compat/2025-12-30.yaml
index 70812459b..faa4f6f60 100644
--- a/paragonie/sodium_compat/2025-12-30.yaml
+++ b/paragonie/sodium_compat/2025-12-30.yaml
@@ -7,5 +7,5 @@ branches:
         versions: ['>=2', '<2.5.0']
     1.x:
         time:     2025-12-30 00:00:00
-        versions: ['<1.25.0']
+        versions: ['<1.24.0']
 reference: composer://paragonie/sodium_compat