Site icon 지락문화예술공작단

USN-5526-2: PyJWT regression

USN-5526-2: PyJWT regression

USN-5526-1 fixed vulnerabilities in PyJWT. Unfortunately this caused a
regression by incrementing the internal package version number on Ubuntu
22.04 LTS. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Aapo Oksman discovered that PyJWT incorrectly handled signatures
constructed from SSH public keys. A remote attacker could use this to forge
a JWT signature.
Source: USN-5526-2: PyJWT regression

Exit mobile version