[ubuntu/artful-proposed] pyjwt 1.4.2-1ubuntu1 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Wed Aug 30 18:37:13 UTC 2017
pyjwt (1.4.2-1ubuntu1) artful; urgency=medium
* SECURITY UPDATE: symmetric/asymmetric key confusion attacks
- debian/patches/CVE-2017-11424.patch: Throw if key is an PKCS1
PEM-encoded public key in jwt/algorithms.py, jwt/api_jws.py,
jwt/api_jwt.py, tests/keys/testkey_pkcs1.pub.pem,
tests/test_algorithms.py, tests/test_api_jws.py, tests/test_api_jwt.py.
- CVE-2017-11424
Date: Mon, 28 Aug 2017 15:39:22 -0300
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/+source/pyjwt/1.4.2-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 28 Aug 2017 15:39:22 -0300
Source: pyjwt
Binary: python-jwt python3-jwt
Architecture: source
Version: 1.4.2-1ubuntu1
Distribution: artful
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas S. Barbosa <leo.barbosa at canonical.com>
Description:
python-jwt - Python implementation of JSON Web Token
python3-jwt - Python 3 implementation of JSON Web Token
Changes:
pyjwt (1.4.2-1ubuntu1) artful; urgency=medium
.
* SECURITY UPDATE: symmetric/asymmetric key confusion attacks
- debian/patches/CVE-2017-11424.patch: Throw if key is an PKCS1
PEM-encoded public key in jwt/algorithms.py, jwt/api_jws.py,
jwt/api_jwt.py, tests/keys/testkey_pkcs1.pub.pem,
tests/test_algorithms.py, tests/test_api_jws.py, tests/test_api_jwt.py.
- CVE-2017-11424
Checksums-Sha1:
2b1e39b085aef8bea384631789f6c524df219217 2537 pyjwt_1.4.2-1ubuntu1.dsc
cad90b592871734c91dcda0290a5e414004abaed 5600 pyjwt_1.4.2-1ubuntu1.debian.tar.xz
993595dc3f58a23164fde1f072b2f1f8319db61e 7589 pyjwt_1.4.2-1ubuntu1_source.buildinfo
Checksums-Sha256:
6772faff72aec48f841feec0706fc9e59cd9c9dd20036b34259baba5ce253265 2537 pyjwt_1.4.2-1ubuntu1.dsc
e09ac318ffa93522abfac1df4031a6a5070cafd0df07578a165622e15daf0b14 5600 pyjwt_1.4.2-1ubuntu1.debian.tar.xz
e658e69217dd9f102cbfd1567d22ab9396d36bfa9c0aaa5e0bdc7c9e7169ffac 7589 pyjwt_1.4.2-1ubuntu1_source.buildinfo
Files:
fe97ccd6b45b9cef53aac520b3855492 2537 python optional pyjwt_1.4.2-1ubuntu1.dsc
dc0c683142270f4dc090a31f99aa0002 5600 python optional pyjwt_1.4.2-1ubuntu1.debian.tar.xz
9df7ad4006f07909079caa594390160d 7589 python optional pyjwt_1.4.2-1ubuntu1_source.buildinfo
Original-Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJZpwVjAAoJEFHb3FjMVZVzWAUP/jRfTimewA4RFdiRYWC6UisW
ZCZ3JmOpmpuCtfwgENHK1hjzgJm+7/zf80qCi8viU8BGOTQN1/LoruG1Oax2aJgi
p0EoRaRXkYFC8ZSArGfkKY62aJrRiiPTtiHf6AG0kUa4i9bzk81rireUyXNwdVQY
QqgOQ/WwGsrHuf4/BrInxHK8Q3ZGhey/f/nek89WG0IrOp/i3i/305TldkH29BXG
jDoSMiC3x52gxTFUNIYQfH9XYzpzFdOt3xKpI+RRV2/PXnrWlauRL8ohu5EjFpBZ
Om/5ZWR9tAHBns2l0EPQdKPvnpXwzdC7oPbg35RXhWY7hWTSuT0RaCUC0s4vL8Et
xs/PRQq8vcc0SYtepmEi0kmJxMQWhvj3twteuoyMWDL3Fi4VuM9XkrrGpCSwJHY2
eb6Go+H/0ilw3/X/eHbp7wGacER2PgroCL/pULsfJU1jBXC5nlMPnHbBCDHHj09r
b7brfdA6WRIibaIAw/m7XwPqF4CoGoteQDgOL7t3YSnwb2fEyD5GdMKgdaUg454v
cbO+IrGblAAvinazZtUt1x7SGCgyIuvCxgIa+K6I0ZXWRDgf+lIP06wBryLXIhw7
a2w9gulLV1qtwQGKtFUXcudTyoYQOj2MTJ6PBH10KzHwIzHtHE+9dal8rGFfOk3C
7uAG9y4QDRissQYJ7MTQ
=0IU3
-----END PGP SIGNATURE-----
More information about the Artful-changes
mailing list