[SECURITY] Fedora 22 Update: python-jwt-1.3.0-1.fc22
updates at fedoraproject.org
updates at fedoraproject.org
Tue Jun 30 00:13:25 UTC 2015
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-10350
2015-06-20 13:45:56
--------------------------------------------------------------------------------
Name : python-jwt
Product : Fedora 22
Version : 1.3.0
Release : 1.fc22
URL : http://pypi.python.org/pypi/pyjwt
Summary : JSON Web Token implementation in Python
Description :
A Python implementation of JSON Web Token draft 01. This library provides a
means of representing signed content using JSON data structures, including
claims to be transferred between two parties encoded as digitally signed and
encrypted JSON objects.
--------------------------------------------------------------------------------
Update Information:
Latest upstream with security fix for http://seclists.org/oss-sec/2015/q2/3 https://github.com/jpadilla/pyjwt/commit/88a9fc56bdc6c870aa6af93bda401414a217db2a
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2015 Ralph Bean <rbean at redhat.com> - 1.3.0-1
- new version
- start running the test suite.
* Fri Mar 27 2015 Ralph Bean <rbean at redhat.com> - 1.0.1-1
- new version
* Thu Mar 19 2015 Ralph Bean <rbean at redhat.com> - 1.0.0-1
- new version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1231173 - python-jwt: token verification bypass with "none" algorithm
https://bugzilla.redhat.com/show_bug.cgi?id=1231173
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python-jwt' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list