Accepted pyjwt 2.6.0-1+deb12u1 (source) into oldstable-proposed-updates

Sun, 10 May 2026 02:34:31 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 28 Apr 2026 16:47:59 +0200
Source: pyjwt
Architecture: source
Version: 2.6.0-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Python Team <[email protected]>
Changed-By: Jochen Sprickerhof <[email protected]>
Closes: 1130662
Changes:
 pyjwt (2.6.0-1+deb12u1) bookworm-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2026-32597: PyJWT did not validate the crit (Critical) Header
     Parameter defined in RFC 7515 ยง4.1.11. When a JWS token contains a crit
     array listing extensions that PyJWT does not understand, the library
     accepts the token instead of rejecting it. This violates the MUST
     requirement in the RFC. (Closes: #1130662)
Checksums-Sha1:
 58c3ef79830bdad7e6bec01d8f63feb6ceb0df73 2261 pyjwt_2.6.0-1+deb12u1.dsc
 014819b05552f6ed1696738e80fcdfc3b044ea79 72984 pyjwt_2.6.0.orig.tar.gz
 35e32d6c298f8526d329f6cf791e60947f10ca76 6456 
pyjwt_2.6.0-1+deb12u1.debian.tar.xz
 5d3e6bb62916ac2eec8368c8195e1906843a07e0 7235 
pyjwt_2.6.0-1+deb12u1_source.buildinfo
Checksums-Sha256:
 d8b1ce01c1a767b4fdb9d57fe52475d28c7b5f3ca1f6f2e44ab87a2c9b84d4a5 2261 
pyjwt_2.6.0-1+deb12u1.dsc
 69285c7e31fc44f68a1feb309e948e0df53259d579295e6cfe2b1792329f05fd 72984 
pyjwt_2.6.0.orig.tar.gz
 9beff2b49c616dffef58afc933c75ce49c467806c194e4c6d5ff8aab445292cd 6456 
pyjwt_2.6.0-1+deb12u1.debian.tar.xz
 24b24ccb98d19760d1a8bab6d9acaadac676d21860d82b2eedb207362c05f02f 7235 
pyjwt_2.6.0-1+deb12u1_source.buildinfo
Files:
 8770fdf629e71bf5b0c879b9c8f231e1 2261 python optional pyjwt_2.6.0-1+deb12u1.dsc
 aeed6d3a581ae383b2288a2079fa562d 72984 python optional pyjwt_2.6.0.orig.tar.gz
 171ae958e8db8396778e111a2a06f4b7 6456 python optional 
pyjwt_2.6.0-1+deb12u1.debian.tar.xz
 50411e2d94b5e6fff904bc82a00a99b6 7235 python optional 
pyjwt_2.6.0-1+deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEc7KZy9TurdzAF+h6W//cwljmlDMFAmn5edgACgkQW//cwljm
lDMF3A//XvWFLaOep2lkjThcRsNXbMRLPIsEl0bZPfDvjX3aCH9NQDabUz4I93jU
PFLGrFgE1ydR8lgsWtPLpZKTqStfnLsu0A+WtqZ9FInXEyVTTmyRxRVqohMHwfU2
h22G+3zfVOiZhBNW/axzR6X/AKg4os5lNv40IUw3gL98p2PbvT90mfWJcz/sQpqX
0UrHIHoxgk29vAn/Fssp3U1IOIUT7Z61Kte96gTAKrY/16a/BCgXPVhDPutrTx2N
fs6l5NVozv65PcWQ5ggTSOVIF5ERwI3VqwKTMMfDl05QNWS/9AZg8Fgjq0odW1J6
mlb9c+fkxZtm6PrTamLx3zR63pYdbLVYb5qVI8N4TUhCX1NO9HxW07wX7VmiIXxq
Fl2Jj7DjhBMzFHhNV73EyZL4octECYLJTvzoH6GcaWBDLMcuGINxbPeiLRQQSXvP
oi9X6qGh6Wcnp5xrMWTyg8aXyFq5/NVdbt5fzMGdhr8GPieEGqCg4GkT+eIQZ3ad
a7NmapSFWr+NzumUXJ5K9/35iI4DHBTXmbjsQ6F8plPs0KR7kYWPDxNsRPk6IYnd
PWFNoWmFjSPsIaynftyUlR0D+AEVNuODUGLV6OWec2oxW5rCptRqnd7InYv0bUX8
nir0zwh3tDaAS9HKC6f8NP4K1i41+sLy04+FSEh0LLhLiqzUfYo=
=R6eE
-----END PGP SIGNATURE-----

Attachment: pgp5MKd5k3KA9.pgp
Description: PGP signature

Reply via email to