Overview

File CVE-2024-33664.patch of Package python-python-jose.18400

From ff3357d9f91b93bc957aac9bc5a447c5c0bb74da Mon Sep 17 00:00:00 2001
From: "alistair.watts@groupbc.com" <alistair.watts@groupbc.com>
Date: Tue, 7 May 2024 14:50:53 +0100
Subject: [PATCH] Fix for CVE-2024-33664. JWE limited to 250K

---
 jose/constants.py |  2 ++
 jose/jwe.py       | 24 ++++++++++++++++++------
 tests/test_jwe.py | 34 +++++++++++++++++++++++++++++++++-
 3 files changed, 53 insertions(+), 7 deletions(-)

Index: python-jose-3.0.1/jose/constants.py
===================================================================
--- python-jose-3.0.1.orig/jose/constants.py
+++ python-jose-3.0.1/jose/constants.py
@@ -37,3 +37,6 @@ class Algorithms(object):
 
 
 ALGORITHMS = Algorithms()
+
+
+JWE_SIZE_LIMIT = 250 * 1024
openSUSE Build Service is sponsored by
Places