PyJWT regression
Discription

USN-5526-1 fixed vulnerabilities in PyJWT. Unfortunately this caused a
regression by incrementing the internal package version number on Ubuntu
22.04 LTS. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Aapo Oksman discovered that PyJWT incorrectly handled signatures
constructed from SSH public keys. A remote attacker could use this to forge
a JWT signature.Read More

Back to Main

Subscribe for the latest news: