Overview

File _patchinfo of Package patchinfo.28087

<patchinfo incident="28087">
  <issue tracker="bnc" id="1199756">VUL-0: CVE-2022-29217: python27-PyJWT,python-PyJWT: Key confusion through non-blocklisted public key formats</issue>
  <issue tracker="bnc" id="1176785">[Trackerbug] Update Azure CLI packages to latest version in SLE-15</issue>
  <issue tracker="bnc" id="1199282">Update azure SDK and cli to support aarch64 image creation</issue>
  <issue tracker="jsc" id="SLE-24629"/>
  <issue tracker="jsc" id="PM-2352"/>
  <issue tracker="jsc" id="ECO-3105"/>
  <issue tracker="jsc" id="PM-3243"/>
  <issue tracker="cve" id="2022-29217"/>
  <packager>glaubitz</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for python-PyJWT</summary>
  <description>This update for python-PyJWT fixes the following issues:

- CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats (bsc#1199756).

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Update to 2.4.0 (bsc#1199756)
    - Explicit check the key for ECAlgorithm
    - Don't use implicit optionals
    - documentation fix: show correct scope 
    - fix: Update copyright information
    - Don't mutate options dictionary in .decode_complete()
    - Add support for Python 3.10
    - api_jwk: Add PyJWKSet.__getitem__
    - Update usage.rst
    - Docs: mention performance reasons for reusing RSAPrivateKey
      when encoding
    - Fixed typo in usage.rst
    - Add detached payload support for JWS encoding and decoding
    - Replace various string interpolations with f-strings by

</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places