[ubuntu/artful-proposed] pyjwt 1.4.2-1ubuntu1 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Wed Aug 30 18:37:13 UTC 2017


pyjwt (1.4.2-1ubuntu1) artful; urgency=medium

  * SECURITY UPDATE: symmetric/asymmetric key confusion attacks
    - debian/patches/CVE-2017-11424.patch: Throw if key is an PKCS1
      PEM-encoded public key in jwt/algorithms.py, jwt/api_jws.py,
      jwt/api_jwt.py, tests/keys/testkey_pkcs1.pub.pem,
      tests/test_algorithms.py, tests/test_api_jws.py, tests/test_api_jwt.py.
    - CVE-2017-11424

Date: Mon, 28 Aug 2017 15:39:22 -0300
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/+source/pyjwt/1.4.2-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 28 Aug 2017 15:39:22 -0300
Source: pyjwt
Binary: python-jwt python3-jwt
Architecture: source
Version: 1.4.2-1ubuntu1
Distribution: artful
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas S. Barbosa <leo.barbosa at canonical.com>
Description:
 python-jwt - Python implementation of JSON Web Token
 python3-jwt - Python 3 implementation of JSON Web Token
Changes:
 pyjwt (1.4.2-1ubuntu1) artful; urgency=medium
 .
   * SECURITY UPDATE: symmetric/asymmetric key confusion attacks
     - debian/patches/CVE-2017-11424.patch: Throw if key is an PKCS1
       PEM-encoded public key in jwt/algorithms.py, jwt/api_jws.py,
       jwt/api_jwt.py, tests/keys/testkey_pkcs1.pub.pem,
       tests/test_algorithms.py, tests/test_api_jws.py, tests/test_api_jwt.py.
     - CVE-2017-11424
Checksums-Sha1:
 2b1e39b085aef8bea384631789f6c524df219217 2537 pyjwt_1.4.2-1ubuntu1.dsc
 cad90b592871734c91dcda0290a5e414004abaed 5600 pyjwt_1.4.2-1ubuntu1.debian.tar.xz
 993595dc3f58a23164fde1f072b2f1f8319db61e 7589 pyjwt_1.4.2-1ubuntu1_source.buildinfo
Checksums-Sha256:
 6772faff72aec48f841feec0706fc9e59cd9c9dd20036b34259baba5ce253265 2537 pyjwt_1.4.2-1ubuntu1.dsc
 e09ac318ffa93522abfac1df4031a6a5070cafd0df07578a165622e15daf0b14 5600 pyjwt_1.4.2-1ubuntu1.debian.tar.xz
 e658e69217dd9f102cbfd1567d22ab9396d36bfa9c0aaa5e0bdc7c9e7169ffac 7589 pyjwt_1.4.2-1ubuntu1_source.buildinfo
Files:
 fe97ccd6b45b9cef53aac520b3855492 2537 python optional pyjwt_1.4.2-1ubuntu1.dsc
 dc0c683142270f4dc090a31f99aa0002 5600 python optional pyjwt_1.4.2-1ubuntu1.debian.tar.xz
 9df7ad4006f07909079caa594390160d 7589 python optional pyjwt_1.4.2-1ubuntu1_source.buildinfo
Original-Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJZpwVjAAoJEFHb3FjMVZVzWAUP/jRfTimewA4RFdiRYWC6UisW
ZCZ3JmOpmpuCtfwgENHK1hjzgJm+7/zf80qCi8viU8BGOTQN1/LoruG1Oax2aJgi
p0EoRaRXkYFC8ZSArGfkKY62aJrRiiPTtiHf6AG0kUa4i9bzk81rireUyXNwdVQY
QqgOQ/WwGsrHuf4/BrInxHK8Q3ZGhey/f/nek89WG0IrOp/i3i/305TldkH29BXG
jDoSMiC3x52gxTFUNIYQfH9XYzpzFdOt3xKpI+RRV2/PXnrWlauRL8ohu5EjFpBZ
Om/5ZWR9tAHBns2l0EPQdKPvnpXwzdC7oPbg35RXhWY7hWTSuT0RaCUC0s4vL8Et
xs/PRQq8vcc0SYtepmEi0kmJxMQWhvj3twteuoyMWDL3Fi4VuM9XkrrGpCSwJHY2
eb6Go+H/0ilw3/X/eHbp7wGacER2PgroCL/pULsfJU1jBXC5nlMPnHbBCDHHj09r
b7brfdA6WRIibaIAw/m7XwPqF4CoGoteQDgOL7t3YSnwb2fEyD5GdMKgdaUg454v
cbO+IrGblAAvinazZtUt1x7SGCgyIuvCxgIa+K6I0ZXWRDgf+lIP06wBryLXIhw7
a2w9gulLV1qtwQGKtFUXcudTyoYQOj2MTJ6PBH10KzHwIzHtHE+9dal8rGFfOk3C
7uAG9y4QDRissQYJ7MTQ
=0IU3
-----END PGP SIGNATURE-----


More information about the Artful-changes mailing list