Your message dated Fri, 10 Jul 2015 07:19:36 +0000
with message-id <[email protected]>
and subject line Bug#780630: fixed in pyjwt 1.3.0-1
has caused the Debian Bug report #780630,
regarding pyjwt: python{,3}-jwt missing dependency on python{,3}-crypto
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
780630: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780630
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pyjwt
Version: 0.2.1-1
Severity: normal
Dear Maintainer,
According to
http://self-issued.info/docs/draft-jones-json-web-token-01.html ,
a jwt implementation is required to support RSA signatures in order
to be conforming. In order for pyjwt to support RSA signatures, the
relevant version of PyCrypto needs to be installed; however, it is
not listed in the suggests, recommends, or depends for python{,3}-jwt.
Also note that upstream, as of the v0.4.0 release, has switched to using
the cryptography python module instead of PyCrypto.
-- System Information:
Debian Release: jessie/sid
APT prefers vivid-updates
APT policy: (500, 'vivid-updates'), (500, 'vivid-security'), (500, 'vivid')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-22-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: upstart (via init_is_upstart())
--- End Message ---
--- Begin Message ---
Source: pyjwt
Source-Version: 1.3.0-1
We believe that the bug you reported is fixed in the latest version of
pyjwt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniele Tricoli <[email protected]> (supplier of updated pyjwt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 10 Jul 2015 02:12:06 +0200
Source: pyjwt
Binary: python-jwt python3-jwt
Architecture: source all
Version: 1.3.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team
<[email protected]>
Changed-By: Daniele Tricoli <[email protected]>
Description:
python-jwt - Python implementation of JSON Web Token
python3-jwt - Python 3 implementation of JSON Web Token
Closes: 780630
Changes:
pyjwt (1.3.0-1) unstable; urgency=medium
.
* New upstream release.
- Add a check so that asymmetric keys cannot be used as HMAC
secrets. See for more details:
https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
* debian/control
- Update Homepage field.
- Add python{,3}-cryptography to Build-Depends and Recommends.
(Closes: #780630)
- Add python{,3}-crypto to Suggests.
- Bump Standards-Version to 3.9.6 (no changes needed).
* debian/copyright
- Update Upstream-Contact to reflect new upstream author.
- Update copyright years.
* debian/patches/01_do-not-use-pytest-runner.patch
- Remove pytest-runner form setup_requires since it's not packaged for
Debian yet.
* debian/watch
- Use pypi.debian.net redirector.
Checksums-Sha1:
cdb9fcfc6ca2bd73b34ddddde94b6c44ad8c8fa8 2109 pyjwt_1.3.0-1.dsc
6c4e0c600dc02d91cf1a84623152039cb3ac07a8 61828 pyjwt_1.3.0.orig.tar.gz
b4a16f96c182306334073a314b84eb96d47392e5 3428 pyjwt_1.3.0-1.debian.tar.xz
cb6471853c042cbc5dae21b43106d18ea981b2a4 21580 python-jwt_1.3.0-1_all.deb
b3a6028cddf683d9c691a4a62b680e1bb588cde5 17228 python3-jwt_1.3.0-1_all.deb
Checksums-Sha256:
00c189187e3b479063199613192970b84d054fa07ad73f45cfa881d63c94370e 2109
pyjwt_1.3.0-1.dsc
fc230244ec4e4014d6eeae894ac852e820a4c843dc209d4f77e76d564f46ee49 61828
pyjwt_1.3.0.orig.tar.gz
f71c811984485a8d81174ea33a8bf4ec5ddd40833fdb30dbc3b51b38b144270d 3428
pyjwt_1.3.0-1.debian.tar.xz
4cd983bda1adc4ad90f31003018271676ccfaafe7a82cd156765df6187091246 21580
python-jwt_1.3.0-1_all.deb
e8a995f4296a6b783247303dd62a634ec2ffc1724aaa6959c1a5784adcc49000 17228
python3-jwt_1.3.0-1_all.deb
Files:
f02bc6b60efbcba9c383d7542d1f936f 2109 python optional pyjwt_1.3.0-1.dsc
545550fd5a918775b7e970a3854373f6 61828 python optional pyjwt_1.3.0.orig.tar.gz
6763df761599bc6891a8f9e3d7fc687e 3428 python optional
pyjwt_1.3.0-1.debian.tar.xz
11cbc0f9c49a6ba1638e4458b4162d23 21580 python optional
python-jwt_1.3.0-1_all.deb
947839556a35f7aaeba7973e49c4bd70 17228 python optional
python3-jwt_1.3.0-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVn3BbAAoJEK728aKnRXZFeFQQAKoYN0EJ8ziQtL2h2ixM8YEO
7KxgHkCvH2LPlEZxoMARmSDQFjbMNGsPKvakjfgmPq8EktTvqPkQ/Trxl65TxCtj
u7NCAg62Gy9Iq3lmxQGbUhSFkKCeEh61dn5by8Oy2eBF9MvLFwPPitF14GgVkp9P
jvDoqdTYrT6XQ1IaX3bufSWqiLYPfnSO+ZxYOhPCjmQpqg5aWRfEJxm/xxsQCW5D
xE1kEzRxj9mQzV3iKvr+aV5pyOyfwtzpwRwt68lfvTSS3cPygs9GL314BjJAOXCE
aJfhPkrPhLp1to7oFzjNqRiZb0EROB2VeOt4Zsb0bgplXKkAFjn8aBBg5rnymxa1
rt9IluCz7ZpPBEAkSXRIY5BU8CQcTElDHHuttYPoXt48a+urALKxGHzAVWpON4hX
4rJPo/zC9qrf2y8J+mxdN755blHAJnRN8qhituXO+mxj/f7oIehazf2tToaUPbjc
3DXMYSNUH/p3BVJ6whNo0G46TdOQopkynJka+zWq70APrKRit35kIfdnK4XvX96M
12Qnqt4VQ+PSXhcaab1EddNOc40Tmw1CXeVOyitBdv1FKtknChyCR/bg+AzA+pKP
Gqc0dIEMIFr9Vu1fIqVrx5+fMj6DdBHjNfNuRibe9rOFK7+Sx8Wk0NDAmKkP8FJs
QJ6uFsoDsAMqPYDQrOEZ
=If/1
-----END PGP SIGNATURE-----
--- End Message ---
