[Python-modules-commits] r33023 - in packages/pyjwt/branches/0.2.1/debian (changelog)
eriol-guest at users.alioth.debian.org
eriol-guest at users.alioth.debian.org
Thu Jun 18 17:42:27 UTC 2015
Date: Thursday, June 18, 2015 @ 17:42:26
Author: eriol-guest
Revision: 33023
Mention an article explaining vulnerability since there is not a CVE
Modified:
packages/pyjwt/branches/0.2.1/debian/changelog
Modified: packages/pyjwt/branches/0.2.1/debian/changelog
===================================================================
--- packages/pyjwt/branches/0.2.1/debian/changelog 2015-06-18 15:32:53 UTC (rev 33022)
+++ packages/pyjwt/branches/0.2.1/debian/changelog 2015-06-18 17:42:26 UTC (rev 33023)
@@ -2,7 +2,9 @@
* debian/patches/01_not-use-asymmetric-keys-as-HMAC.patch
- Add a check so that asymmetric keys cannot be used as HMAC
- secrets. (Closes: #781640)
+ secrets. See for more details:
+ https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
+ (Closes: #781640)
-- Daniele Tricoli <eriol at mornie.org> Fri, 05 Jun 2015 03:25:03 +0200
More information about the Python-modules-commits
mailing list