[Bug 1986487] [NEW] python3-jwt (2.3.0-1ubuntu0.1) contains pyjwt 2.4.0 metadata but install 2.3.0 library

Leighton 1986487 at bugs.launchpad.net
Mon Aug 15 02:05:49 UTC 2022


Public bug reported:

The security update version of this package contains the metadata for
PyJWT 2.4.0, not 2.3.0 that it installs. This doesn't happen in the
2.3.0-1 package.

# dpkg -L python3-jwt
/.
/usr
/usr/lib
/usr/lib/python3
/usr/lib/python3/dist-packages
/usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info
/usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info/PKG-INFO
/usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info/dependency_links.txt
/usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info/not-zip-safe
/usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info/requires.txt
/usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info/top_level.txt
/usr/lib/python3/dist-packages/jwt
/usr/lib/python3/dist-packages/jwt/__init__.py
/usr/lib/python3/dist-packages/jwt/algorithms.py
/usr/lib/python3/dist-packages/jwt/api_jwk.py
/usr/lib/python3/dist-packages/jwt/api_jws.py
/usr/lib/python3/dist-packages/jwt/api_jwt.py
/usr/lib/python3/dist-packages/jwt/exceptions.py
/usr/lib/python3/dist-packages/jwt/help.py
/usr/lib/python3/dist-packages/jwt/jwks_client.py
/usr/lib/python3/dist-packages/jwt/py.typed
/usr/lib/python3/dist-packages/jwt/utils.py
/usr/share
/usr/share/doc
/usr/share/doc/python3-jwt
/usr/share/doc/python3-jwt/NEWS.Debian.gz
/usr/share/doc/python3-jwt/README.rst
/usr/share/doc/python3-jwt/changelog.Debian.gz
/usr/share/doc/python3-jwt/copyright

# dpkg -s python3-jwt
Package: python3-jwt
Status: install ok installed
Priority: optional
Section: python
Installed-Size: 82
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Architecture: all
Source: pyjwt
Version: 2.3.0-1ubuntu0.1
Depends: python3:any
Recommends: python3-cryptography
Suggests: python3-crypto
Description: Python 3 implementation of JSON Web Token
 PyJWT implements the JSON Web Token draft 01, a way of representing
 signed content using JSON data structures.
 .
 Supported algorithms for cryptographic signing:
 .
   * HS256 - HMAC using SHA-256 hash algorithm (default)
   * HS384 - HMAC using SHA-384 hash algorithm
   * HS512 - HMAC using SHA-512 hash algorithm
   * RS256 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-256 hash
     algorithm
   * RS384 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-384 hash
     algorithm
   * RS512 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-512 hash
     algorithm
 .
 Supported reserved claim names:
   - "exp" (Expiration Time) Claim
 .
 This package contains the Python 3 version of the library.
Homepage: https://github.com/jpadilla/pyjwt
Original-Maintainer: Debian Python Team <team+python at tracker.debian.org>

** Affects: pyjwt (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to pyjwt in Ubuntu.
https://bugs.launchpad.net/bugs/1986487

Title:
  python3-jwt (2.3.0-1ubuntu0.1) contains pyjwt 2.4.0 metadata but
  install 2.3.0 library

Status in pyjwt package in Ubuntu:
  New

Bug description:
  The security update version of this package contains the metadata for
  PyJWT 2.4.0, not 2.3.0 that it installs. This doesn't happen in the
  2.3.0-1 package.

  # dpkg -L python3-jwt
  /.
  /usr
  /usr/lib
  /usr/lib/python3
  /usr/lib/python3/dist-packages
  /usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info
  /usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info/PKG-INFO
  /usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info/dependency_links.txt
  /usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info/not-zip-safe
  /usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info/requires.txt
  /usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info/top_level.txt
  /usr/lib/python3/dist-packages/jwt
  /usr/lib/python3/dist-packages/jwt/__init__.py
  /usr/lib/python3/dist-packages/jwt/algorithms.py
  /usr/lib/python3/dist-packages/jwt/api_jwk.py
  /usr/lib/python3/dist-packages/jwt/api_jws.py
  /usr/lib/python3/dist-packages/jwt/api_jwt.py
  /usr/lib/python3/dist-packages/jwt/exceptions.py
  /usr/lib/python3/dist-packages/jwt/help.py
  /usr/lib/python3/dist-packages/jwt/jwks_client.py
  /usr/lib/python3/dist-packages/jwt/py.typed
  /usr/lib/python3/dist-packages/jwt/utils.py
  /usr/share
  /usr/share/doc
  /usr/share/doc/python3-jwt
  /usr/share/doc/python3-jwt/NEWS.Debian.gz
  /usr/share/doc/python3-jwt/README.rst
  /usr/share/doc/python3-jwt/changelog.Debian.gz
  /usr/share/doc/python3-jwt/copyright

  # dpkg -s python3-jwt
  Package: python3-jwt
  Status: install ok installed
  Priority: optional
  Section: python
  Installed-Size: 82
  Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
  Architecture: all
  Source: pyjwt
  Version: 2.3.0-1ubuntu0.1
  Depends: python3:any
  Recommends: python3-cryptography
  Suggests: python3-crypto
  Description: Python 3 implementation of JSON Web Token
   PyJWT implements the JSON Web Token draft 01, a way of representing
   signed content using JSON data structures.
   .
   Supported algorithms for cryptographic signing:
   .
     * HS256 - HMAC using SHA-256 hash algorithm (default)
     * HS384 - HMAC using SHA-384 hash algorithm
     * HS512 - HMAC using SHA-512 hash algorithm
     * RS256 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-256 hash
       algorithm
     * RS384 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-384 hash
       algorithm
     * RS512 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-512 hash
       algorithm
   .
   Supported reserved claim names:
     - "exp" (Expiration Time) Claim
   .
   This package contains the Python 3 version of the library.
  Homepage: https://github.com/jpadilla/pyjwt
  Original-Maintainer: Debian Python Team <team+python at tracker.debian.org>

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pyjwt/+bug/1986487/+subscriptions




More information about the Ubuntu-openstack-bugs mailing list