Описание
Security update for python-PyJWT
This update for python-PyJWT fixes the following issues:
python-JWT was updated to 1.5.3. (bsc#1186173)
update to version 1.5.3:
-
Changed
- Increase required version of the cryptography package to
=1.4.0.
- Increase required version of the cryptography package to
-
Fixed
- Remove uses of deprecated functions from the cryptography package.
- Warn about missing algorithms param to decode() only when verify param is True #281
update to version 1.5.2:
- Ensure correct arguments order in decode super call [7c1e61d][7c1e61d]
- Change optparse for argparse. [#238][238]
- Guard against PKCS1 PEM encododed public keys [#277][277]
- Add deprecation warning when decoding without specifying
algorithms[#277][277] - Improve deprecation messages [#270][270]
- PyJWT.decode: move verify param into options [#271][271]
- Support for Python 3.6 [#262][262]
- Expose jwt.InvalidAlgorithmError [#264][264]
- Add support for ECDSA public keys in RFC 4253 (OpenSSH) format [#244][244]
- Renamed commandline script
jwttojwt-clito avoid issues with the script clobbering thejwtmodule in some circumstances. [#187][187] - Better error messages when using an algorithm that requires the cryptography package, but it isn't available [#230][230]
- Tokens with future 'iat' values are no longer rejected [#190][190]
- Non-numeric 'iat' values now raise InvalidIssuedAtError instead of DecodeError
- Remove rejection of future 'iat' claims [#252][252]
- Add back 'ES512' for backward compatibility (for now) [#225][225]
- Fix incorrectly named ECDSA algorithm [#219][219]
- Fix rpm build [#196][196]
- Add JWK support for HMAC and RSA keys [#202][202]
Список пакетов
Image SLES12-SP4-Azure-BYOS
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP4-EC2-HVM-BYOS
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP4-SAP-Azure
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP4-SAP-Azure-BYOS
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP4-SAP-EC2-HVM
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP5-Azure-BYOS
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP5-Azure-Basic-On-Demand
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP5-Azure-HPC-BYOS
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP5-Azure-HPC-On-Demand
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP5-Azure-SAP-BYOS
python-PyJWT-1.5.3-3.13.1
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP5-Azure-SAP-On-Demand
python-PyJWT-1.5.3-3.13.1
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP5-Azure-Standard-On-Demand
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP5-EC2-BYOS
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP5-EC2-ECS-On-Demand
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP5-EC2-On-Demand
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP5-EC2-SAP-BYOS
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP5-EC2-SAP-On-Demand
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP5-OCI-BYOS-BYOS
python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
python3-PyJWT-1.5.3-3.13.1
SUSE Linux Enterprise Module for Public Cloud 12
python-PyJWT-1.5.3-3.13.1
python3-PyJWT-1.5.3-3.13.1
SUSE OpenStack Cloud 7
python-PyJWT-1.5.3-3.13.1
Ссылки
- Link for SUSE-SU-2021:2010-1
- E-Mail link for SUSE-SU-2021:2010-1
- SUSE Security Ratings
- SUSE Bug 1186173
- SUSE CVE CVE-2017-12880 page
Описание
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11424. Reason: This candidate is a duplicate of CVE-2017-11424. Notes: All CVE users should reference CVE-2017-11424 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Затронутые продукты
Image SLES12-SP4-Azure-BYOS:python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP4-EC2-HVM-BYOS:python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP4-SAP-Azure-BYOS:python3-PyJWT-1.5.3-3.13.1
Image SLES12-SP4-SAP-Azure:python3-PyJWT-1.5.3-3.13.1
Ссылки
- CVE-2017-12880
- SUSE Bug 1054106