Package: pyjwt
Version: 0.2.1-1
Severity: grave
Tags: security
See http://www.openwall.com/lists/oss-security/2015/04/01/4
Relevant upstream commit:
https://github.com/jpadilla/pyjwt/commit/88a9fc56.patch
However, I was not able to get this commit to apply cleanly on the version
packaged in Debian.
Not sure if worth backporting the fix or upgrading to the latest upstream
version.
-- System Information:
Debian Release: jessie/sid
APT prefers trusty-updates
APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500,
'trusty'), (100, 'trusty-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13.0-48-generic (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
