Overview

File _patchinfo of Package patchinfo.5887

<patchinfo incident="5887">
  <issue id="1054106" tracker="bnc">VUL-0: CVE-2017-12880: python-PyJWT: In PyJWT 1.5.0 and below the 'invalid_strings' check in'HMACAlgorithm.prepare_key' does not account for all PEM encoded public keys.Specifically, the PKCS1 PEM encoded format would be allowed because i</issue>
  <issue id="2017-12880" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>matejcik</packager>
  <description>This update for python-PyJWT fixes the following issues:

- CVE-2017-12880: fix symmetric/asymmetric confusion when handling PKCS1 public keys (bsc#1054106)
</description>
  <summary>Security update for python-PyJWT</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places