| Revision Date: | 2021-06-18 | Version: | 1 |
| Title: | Security update for python-PyJWT (Moderate) |
| Description: |
This update for python-PyJWT fixes the following issues:
python-JWT was updated to 1.5.3. (bsc#1186173)
update to version 1.5.3:
* Changed
+ Increase required version of the cryptography package to >=1.4.0.
* Fixed
+ Remove uses of deprecated functions from the cryptography package. + Warn about missing algorithms param to decode() only when verify param is True #281
update to version 1.5.2:
- Ensure correct arguments order in decode super call [7c1e61d][7c1e61d] - Change optparse for argparse. [#238][238] - Guard against PKCS1 PEM encododed public keys [#277][277] - Add deprecation warning when decoding without specifying `algorithms` [#277][277] - Improve deprecation messages [#270][270] - PyJWT.decode: move verify param into options [#271][271] - Support for Python 3.6 [#262][262] - Expose jwt.InvalidAlgorithmError [#264][264] - Add support for ECDSA public keys in RFC 4253 (OpenSSH) format [#244][244] - Renamed commandline script `jwt` to `jwt-cli` to avoid issues with the script clobbering the `jwt` module in some circumstances. [#187][187] - Better error messages when using an algorithm that requires the cryptography package, but it isn't available [#230][230] - Tokens with future 'iat' values are no longer rejected [#190][190] - Non-numeric 'iat' values now raise InvalidIssuedAtError instead of DecodeError - Remove rejection of future 'iat' claims [#252][252] - Add back 'ES512' for backward compatibility (for now) [#225][225] - Fix incorrectly named ECDSA algorithm [#219][219] - Fix rpm build [#196][196] - Add JWK support for HMAC and RSA keys [#202][202]
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1186173
CVE-2017-12880
SUSE-SU-2021:2010-1
|
| Platform(s): | SUSE OpenStack Cloud 7
| Product(s): | |
| Definition Synopsis |
| SUSE OpenStack Cloud 7 is installed AND python-PyJWT-1.5.3-3.13.1 is installed
|