[Python-modules-commits] r33300 - in packages/pyjwt/trunk/debian (changelog)
eriol-guest at users.alioth.debian.org
eriol-guest at users.alioth.debian.org
Wed Jul 8 01:16:18 UTC 2015
Date: Wednesday, July 8, 2015 @ 01:16:17
Author: eriol-guest
Revision: 33300
Add note about the check on asymmetric keys
Modified:
packages/pyjwt/trunk/debian/changelog
Modified: packages/pyjwt/trunk/debian/changelog
===================================================================
--- packages/pyjwt/trunk/debian/changelog 2015-07-07 21:18:10 UTC (rev 33299)
+++ packages/pyjwt/trunk/debian/changelog 2015-07-08 01:16:17 UTC (rev 33300)
@@ -1,12 +1,15 @@
pyjwt (1.3.0-1) UNRELEASED; urgency=medium
* New upstream release.
+ - Add a check so that asymmetric keys cannot be used as HMAC
+ secrets. See for more details:
+ https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
* debian/control
- Update Homepage field.
* debian/watch
- Use pypi.debian.net redirector.
- -- Daniele Tricoli <eriol at mornie.org> Tue, 24 Feb 2015 04:49:38 +0100
+ -- Daniele Tricoli <eriol at mornie.org> Wed, 08 Jul 2015 02:57:14 +0200
pyjwt (0.2.1-1) unstable; urgency=low
More information about the Python-modules-commits
mailing list