-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-7cc9a030d9 2024-06-18 10:06:42.538893 --------------------------------------------------------------------------------
Name : python-authlib Product : Fedora 40 Version : 1.3.1 Release : 1.fc40 URL : https://github.com/lepture/authlib Summary : Build OAuth and OpenID Connect servers in Python Description : Python library for building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included.
-------------------------------------------------------------------------------- Update Information:
Update to v1.3.1 (CVE-2024-37568) -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 11 2024 Kai A. Hiller V02460@gmail.com - 1.3.1-1 - Update to v1.3.1 (CVE-2024-37568) * Fri Jun 7 2024 Python Maint python-maint@redhat.com - 1.3.0-5 - Bootstrap for Python 3.13 * Tue Apr 23 2024 Miro Hron��ok miro@hroncok.cz - 1.3.0-4 - Convert the --without check bcond to --without tests - Limit test deps when not running them - Run import check even when not running tests -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2291129 - CVE-2024-37568 python-authlib: Algorithm confusion when verifying JSON Web Tokens with asymmetric public keys https://bugzilla.redhat.com/show_bug.cgi?id=2291129 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-7cc9a030d9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org