[Bug 1986487] Re: python3-jwt (2.3.0-1ubuntu0.1) contains pyjwt 2.4.0 metadata but install 2.3.0 library
Launchpad Bug Tracker
1986487 at bugs.launchpad.net
Wed Aug 17 01:48:57 UTC 2022
This bug was fixed in the package pyjwt - 2.3.0-1ubuntu0.2
---------------
pyjwt (2.3.0-1ubuntu0.2) jammy-security; urgency=medium
* SECURITY REGRESSION: Revert inadvertent package version bump to 2.4.0
(LP: #1986487)
- debian/patches/CVE-2022-29217.patch: Comment out the part which
bumps the internal package version number to 2.4.0
-- Alex Murray <alex.murray at canonical.com> Wed, 17 Aug 2022 10:05:29
+0930
** Changed in: pyjwt (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29217
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to pyjwt in Ubuntu.
https://bugs.launchpad.net/bugs/1986487
Title:
python3-jwt (2.3.0-1ubuntu0.1) contains pyjwt 2.4.0 metadata but
install 2.3.0 library
Status in pyjwt package in Ubuntu:
Fix Released
Bug description:
The security update version of this package contains the metadata for
PyJWT 2.4.0, not 2.3.0 that it installs. This doesn't happen in the
2.3.0-1 package.
# dpkg -L python3-jwt
/.
/usr
/usr/lib
/usr/lib/python3
/usr/lib/python3/dist-packages
/usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info
/usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info/PKG-INFO
/usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info/dependency_links.txt
/usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info/not-zip-safe
/usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info/requires.txt
/usr/lib/python3/dist-packages/PyJWT-2.4.0.egg-info/top_level.txt
/usr/lib/python3/dist-packages/jwt
/usr/lib/python3/dist-packages/jwt/__init__.py
/usr/lib/python3/dist-packages/jwt/algorithms.py
/usr/lib/python3/dist-packages/jwt/api_jwk.py
/usr/lib/python3/dist-packages/jwt/api_jws.py
/usr/lib/python3/dist-packages/jwt/api_jwt.py
/usr/lib/python3/dist-packages/jwt/exceptions.py
/usr/lib/python3/dist-packages/jwt/help.py
/usr/lib/python3/dist-packages/jwt/jwks_client.py
/usr/lib/python3/dist-packages/jwt/py.typed
/usr/lib/python3/dist-packages/jwt/utils.py
/usr/share
/usr/share/doc
/usr/share/doc/python3-jwt
/usr/share/doc/python3-jwt/NEWS.Debian.gz
/usr/share/doc/python3-jwt/README.rst
/usr/share/doc/python3-jwt/changelog.Debian.gz
/usr/share/doc/python3-jwt/copyright
# dpkg -s python3-jwt
Package: python3-jwt
Status: install ok installed
Priority: optional
Section: python
Installed-Size: 82
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Architecture: all
Source: pyjwt
Version: 2.3.0-1ubuntu0.1
Depends: python3:any
Recommends: python3-cryptography
Suggests: python3-crypto
Description: Python 3 implementation of JSON Web Token
PyJWT implements the JSON Web Token draft 01, a way of representing
signed content using JSON data structures.
.
Supported algorithms for cryptographic signing:
.
* HS256 - HMAC using SHA-256 hash algorithm (default)
* HS384 - HMAC using SHA-384 hash algorithm
* HS512 - HMAC using SHA-512 hash algorithm
* RS256 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-256 hash
algorithm
* RS384 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-384 hash
algorithm
* RS512 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-512 hash
algorithm
.
Supported reserved claim names:
- "exp" (Expiration Time) Claim
.
This package contains the Python 3 version of the library.
Homepage: https://github.com/jpadilla/pyjwt
Original-Maintainer: Debian Python Team <team+python at tracker.debian.org>
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pyjwt/+bug/1986487/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list