[Secure-testing-commits] r35073 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jun 20 14:24:24 UTC 2015
Author: carnil
Date: 2015-06-20 14:24:24 +0000 (Sat, 20 Jun 2015)
New Revision: 35073
Modified:
data/CVE/list
Log:
Add jessie tagged entry for pyjwt until (possibly) CVE assigned
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-20 14:08:19 UTC (rev 35072)
+++ data/CVE/list 2015-06-20 14:24:24 UTC (rev 35073)
@@ -4979,6 +4979,8 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/04/02/1
CVE-2015-XXXX [Signature Bypass in several JSON Web Token Libraries]
- pyjwt <unfixed> (bug #781640)
+ [jessie] - pyjwt 0.2.1-1+deb8u1
+ NOTE: Added workaround item to reflect entry fixed status, remove once CVE assigned
- ruby-jwt <unfixed>
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/01/4
NOTE: https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
More information about the Secure-testing-commits
mailing list