UbuntuUpdates.org

Package "pyjwt"

Name: pyjwt

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Python 3 implementation of JSON Web Token

Latest version: 2.3.0-1ubuntu0.2
Release: jammy (22.04)
Level: updates
Repository: main

Links



Other versions of "pyjwt" in Jammy

Repository Area Version
base main 2.3.0-1
security main 2.3.0-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.3.0-1ubuntu0.2 2022-08-17 04:07:03 UTC

  pyjwt (2.3.0-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY REGRESSION: Revert inadvertent package version bump to 2.4.0
    (LP: #1986487)
    - debian/patches/CVE-2022-29217.patch: Comment out the part which
      bumps the internal package version number to 2.4.0

 -- Alex Murray <email address hidden> Wed, 17 Aug 2022 10:05:29 +0930

Source diff to previous version
1986487 python3-jwt (2.3.0-1ubuntu0.1) contains pyjwt 2.4.0 metadata but install 2.3.0 library
CVE-2022-29217 PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT toke

Version: 2.3.0-1ubuntu0.1 2022-07-20 04:07:15 UTC

  pyjwt (2.3.0-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Signing key confusion via public key signature
    - debian/patches/CVE-2022-29217.patch: update jwt/algorithms.py to
      disallow using SSH keys as a HMAC secret.
    - CVE-2022-29217

 -- Alex Murray <email address hidden> Tue, 19 Jul 2022 14:26:57 +0930

CVE-2022-29217 PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT toke



About   -   Send Feedback to @ubuntu_updates