[Python-modules-commits] r33023 - in packages/pyjwt/branches/0.2.1/debian (changelog)

eriol-guest at users.alioth.debian.org eriol-guest at users.alioth.debian.org
Thu Jun 18 17:42:27 UTC 2015


    Date: Thursday, June 18, 2015 @ 17:42:26
  Author: eriol-guest
Revision: 33023

Mention an article explaining vulnerability since there is not a CVE

Modified:
  packages/pyjwt/branches/0.2.1/debian/changelog

Modified: packages/pyjwt/branches/0.2.1/debian/changelog
===================================================================
--- packages/pyjwt/branches/0.2.1/debian/changelog	2015-06-18 15:32:53 UTC (rev 33022)
+++ packages/pyjwt/branches/0.2.1/debian/changelog	2015-06-18 17:42:26 UTC (rev 33023)
@@ -2,7 +2,9 @@
 
   * debian/patches/01_not-use-asymmetric-keys-as-HMAC.patch
     - Add a check so that asymmetric keys cannot be used as HMAC
-      secrets. (Closes: #781640)
+      secrets. See for more details:
+      https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
+      (Closes: #781640)
 
  -- Daniele Tricoli <eriol at mornie.org>  Fri, 05 Jun 2015 03:25:03 +0200
 




More information about the Python-modules-commits mailing list