[SECURITY] Fedora 21 Update: python-jwt-1.3.0-1.fc21
updates at fedoraproject.org
updates at fedoraproject.org
Tue Jun 30 00:08:24 UTC 2015
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-10249
2015-06-20 13:38:05
--------------------------------------------------------------------------------
Name : python-jwt
Product : Fedora 21
Version : 1.3.0
Release : 1.fc21
URL : http://pypi.python.org/pypi/pyjwt
Summary : JSON Web Token implementation in Python
Description :
A Python implementation of JSON Web Token draft 01. This library provides a
means of representing signed content using JSON data structures, including
claims to be transferred between two parties encoded as digitally signed and
encrypted JSON objects.
--------------------------------------------------------------------------------
Update Information:
Latest upstream with security fix for http://seclists.org/oss-sec/2015/q2/3 https://github.com/jpadilla/pyjwt/commit/88a9fc56bdc6c870aa6af93bda401414a217db2a
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1231173 - python-jwt: token verification bypass with "none" algorithm
https://bugzilla.redhat.com/show_bug.cgi?id=1231173
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python-jwt' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list