UbuntuUpdates.org

Package "pyjwt"

Name: pyjwt

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Python 3 implementation of JSON Web Token

Latest version: 2.3.0-1ubuntu0.3
Release: jammy (22.04)
Level: security
Repository: main

Other versions of "pyjwt" in Jammy

Repository Area Version
base main 2.3.0-1
updates main 2.3.0-1ubuntu0.3

Changelog

Version: 2.3.0-1ubuntu0.3 2026-03-30 21:08:08 UTC

  pyjwt (2.3.0-1ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Incorrect authorization of invalid JWS token.
    - debian/patches/CVE-2026-32597.patch: Add _supported_crit and checks
      for valid crit header in jwt/api_jws.py. Add tests in
      tests/test_api_jws.py and tests/test_api_jwt.py.
    - CVE-2026-32597

 -- Hlib Korzhynskyy <email address hidden> Thu, 26 Mar 2026 14:58:14 -0230

CVE-2026-32597 PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515

Version: 2.3.0-1ubuntu0.2 2022-08-18 15:07:12 UTC

  pyjwt (2.3.0-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY REGRESSION: Revert inadvertent package version bump to 2.4.0
    (LP: #1986487)
    - debian/patches/CVE-2022-29217.patch: Comment out the part which
      bumps the internal package version number to 2.4.0

 -- Alex Murray <email address hidden> Wed, 17 Aug 2022 10:05:29 +0930

1986487 python3-jwt (2.3.0-1ubuntu0.1) contains pyjwt 2.4.0 metadata but install 2.3.0 library
CVE-2022-29217 PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT toke

Version: 2.3.0-1ubuntu0.1 2022-07-20 01:07:56 UTC

  pyjwt (2.3.0-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Signing key confusion via public key signature
    - debian/patches/CVE-2022-29217.patch: update jwt/algorithms.py to
      disallow using SSH keys as a HMAC secret.
    - CVE-2022-29217

 -- Alex Murray <email address hidden> Tue, 19 Jul 2022 14:26:57 +0930

CVE-2022-29217 PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT toke


