[Python-modules-team] Bug#781640: Downgrading bug severity
Daniele Tricoli
eriol at mornie.org
Sat Apr 11 17:37:20 UTC 2015
Hello,
sorry for the delay and thanks Thomas: I had forgotten to subscribe to pyjwt :
(
On Thursday 09 April 2015 09:19:03 Thomas Goirand wrote:
> If the package isn't vulnerable, shouldn't this bug report be closed? If
> that's the case, then I'll let you close it. In the mean while, I'll
> downgrade the severity to normal, in order to not remove the package
> (and its rev-dependencies) from testing.
My plan is to package pyjwt 1.0.1 soon: it's not vulnerable since the fix
mentioned by Luke was applied to 1.0.0.
I'm leaving this open for now, but I agree with Thomas: 0.2.1 is not
vulnerable to alg=”none” bug, so we can close this bug.
Kind regards,
--
Daniele Tricoli 'Eriol'
http://mornie.org
More information about the Python-modules-team
mailing list