[ubuntu/resolute-proposed] pyjwt 2.10.1-4ubuntu1 (Accepted)
Hlib Korzhynskyy
hlib.korzhynskyy at canonical.com
Mon Mar 30 15:45:43 UTC 2026
pyjwt (2.10.1-4ubuntu1) resolute; urgency=medium
* SECURITY UPDATE: Incorrect authorization of invalid JWS token.
- debian/patches/CVE-2026-32597.patch: Add _supported_crit and checks
for valid crit header in jwt/api_jws.py. Add tests in
tests/test_api_jws.py and tests/test_api_jwt.py.
- CVE-2026-32597
Date: Mon, 30 Mar 2026 12:15:21 -0230
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/pyjwt/2.10.1-4ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 30 Mar 2026 12:15:21 -0230
Source: pyjwt
Built-For-Profiles: derivative.ubuntu noudeb
Architecture: source
Version: 2.10.1-4ubuntu1
Distribution: resolute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Changes:
pyjwt (2.10.1-4ubuntu1) resolute; urgency=medium
.
* SECURITY UPDATE: Incorrect authorization of invalid JWS token.
- debian/patches/CVE-2026-32597.patch: Add _supported_crit and checks
for valid crit header in jwt/api_jws.py. Add tests in
tests/test_api_jws.py and tests/test_api_jwt.py.
- CVE-2026-32597
Checksums-Sha1:
137e38874f02295adda0230c9881a91d9ad71a2b 2438 pyjwt_2.10.1-4ubuntu1.dsc
1e3d6269a4a0efcdbd418fd741ade428e0c06bc4 8072 pyjwt_2.10.1-4ubuntu1.debian.tar.xz
1239396a0847f080bd420ace8ed98011f72f60e2 9182 pyjwt_2.10.1-4ubuntu1_source.buildinfo
Checksums-Sha256:
6c4ccc3a4244458cc0f138ecc9a5299d8cdd4de3f6cb4dce290b9bba19dc96bd 2438 pyjwt_2.10.1-4ubuntu1.dsc
75d553084c4b7fb85cf0ac700b0788943bc6d48f0c5aa82b473703feb303f28c 8072 pyjwt_2.10.1-4ubuntu1.debian.tar.xz
f5546cfd294ca789d4a73885cdb0a7132f28d2ec116134885ac188570432934d 9182 pyjwt_2.10.1-4ubuntu1_source.buildinfo
Files:
1430ed0713f358a7240a927f87330fa9 2438 python optional pyjwt_2.10.1-4ubuntu1.dsc
4ef166a1ccc4ba220683dc393a9a3188 8072 python optional pyjwt_2.10.1-4ubuntu1.debian.tar.xz
4a6876ac52aef9e7b815cf61f9dac0cb 9182 python optional pyjwt_2.10.1-4ubuntu1_source.buildinfo
Original-Maintainer: Debian Python Team <team+python at tracker.debian.org>
More information about the Resolute-changes
mailing list