Security update for python-PyJWT
This update for python-PyJWT fixes the following issues:
- CVE-2017-12880: fix symmetric/asymmetric confusion when handling PKCS1 public keys (bsc#1054106)
This update was imported from the SUSE:SLE-12-SP1:Update update project.
-
Submitted by
Jan Matejek (matejcik)
Fixed bugs
bnc#1054106
VUL-0: CVE-2017-12880: python-PyJWT: In PyJWT 1.5.0 and below the 'invalid_strings' check in'HMACAlgorithm.prepare_key' does not account for all PEM encoded public keys.Specifically, the PKCS1 PEM encoded format would be allowed because i
