File _patchinfo of Package patchinfo.19926

<patchinfo incident="19926">
  <issue tracker="bnc" id="1186173">pyJWT exception issue on SLES12-SP3</issue>
  <issue tracker="cve" id="2017-12880"/>
  <packager>glaubitz</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for python-PyJWT</summary>
  <description>This update for python-PyJWT fixes the following issues:

python-JWT was updated to 1.5.3. (bsc#1186173)

update to version 1.5.3:

  * Changed

    + Increase required version of the cryptography package to
      &gt;=1.4.0.

  * Fixed

    + Remove uses of deprecated functions from the cryptography
      package.
    + Warn about missing algorithms param to decode() only when verify
      param is True #281


update to version 1.5.2:

- Ensure correct arguments order in decode super call [7c1e61d][7c1e61d]
- Change optparse for argparse. [#238][238]
- Guard against PKCS1 PEM encododed public keys [#277][277]
- Add deprecation warning when decoding without specifying `algorithms` [#277][277]
- Improve deprecation messages [#270][270]
- PyJWT.decode: move verify param into options [#271][271]
- Support for Python 3.6 [#262][262]
- Expose jwt.InvalidAlgorithmError [#264][264]
- Add support for ECDSA public keys in RFC 4253 (OpenSSH) format [#244][244]
- Renamed commandline script `jwt` to `jwt-cli` to avoid issues with the script clobbering the `jwt` module in some circumstances. [#187][187]
- Better error messages when using an algorithm that requires the cryptography package, but it isn't available [#230][230]
- Tokens with future 'iat' values are no longer rejected [#190][190]
- Non-numeric 'iat' values now raise InvalidIssuedAtError instead of DecodeError
- Remove rejection of future 'iat' claims [#252][252]
- Add back 'ES512' for backward compatibility (for now) [#225][225]
- Fix incorrectly named ECDSA algorithm [#219][219]
- Fix rpm build [#196][196]
- Add JWK support for HMAC and RSA keys [#202][202]

</description>
</patchinfo>