Format: 1.8
Date: Tue, 28 Apr 2026 17:17:11 +0200
Source: pyjwt
Architecture: source
Version: 1.7.1-2+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Jochen Sprickerhof <jspricke@debian.org>
Changes:
 pyjwt (1.7.1-2+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2026-32597: PyJWT did not validate the crit (Critical) Header
     Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit
     array listing extensions that PyJWT does not understand, the library
     accepts the token instead of rejecting it. This violates the MUST
     requirement in the RFC.
Checksums-Sha1:
 9cef0bdafc12577b97e9778538dc857ce095f257 2251 pyjwt_1.7.1-2+deb11u1.dsc
 10067a763a8b788e3573a6d6cab32240a1d8dea0 41979 pyjwt_1.7.1.orig.tar.gz
 ebd906bb824db71b67a4e6fada593b5c2d90c0ef 6592 pyjwt_1.7.1-2+deb11u1.debian.tar.xz
 cbec3693404a67c52c11f0aef6081f3885f7f396 7264 pyjwt_1.7.1-2+deb11u1_source.buildinfo
Checksums-Sha256:
 f50a1a79a2bf7faa0c4c24050b7e3f07ec3de11f6ef77b74ffc2c1af38e031bb 2251 pyjwt_1.7.1-2+deb11u1.dsc
 8d59a976fb773f3e6a39c85636357c4f0e242707394cadadd9814f5cbaa20e96 41979 pyjwt_1.7.1.orig.tar.gz
 b2bf6455cda8584a3076a9649de8dd6fb7470e28c2ffa5a04da61d879bd08d33 6592 pyjwt_1.7.1-2+deb11u1.debian.tar.xz
 c568aa3ecfcf17892e15cb4efe1658cfe687e6b09f8147153166ebfffd8e48f7 7264 pyjwt_1.7.1-2+deb11u1_source.buildinfo
Files:
 fdbe18e384f4290e2f460f646836aa2a 2251 python optional pyjwt_1.7.1-2+deb11u1.dsc
 a4712f980c008696e13e09504120b2a0 41979 python optional pyjwt_1.7.1.orig.tar.gz
 8b177d07060356a2614651b5ba11b22d 6592 python optional pyjwt_1.7.1-2+deb11u1.debian.tar.xz
 2e550546f4e1cb28dea9d23542ca0108 7264 python optional pyjwt_1.7.1-2+deb11u1_source.buildinfo
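
The check that the changelog entry above describes as missing, sketched as an added example; it is not PyJWT's code or the Debian patch. It assumes the caller passes the set of extensions it implements as `understood`, and the extension name `x-policy` is made up for the sample token. It also rejects registered parameter names in `crit`, which RFC 7515 §4.1.11 permits recipients to do.

```python
import base64
import json

# Header parameters registered by RFC 7515 itself. Producers must not list
# these in "crit"; this example rejects tokens that do.
JWS_REGISTERED = frozenset({"alg", "jku", "jwk", "kid", "x5u", "x5c", "x5t",
                            "x5t#S256", "typ", "cty", "crit"})

class CritError(ValueError):
    """The token's "crit" header cannot be honoured (RFC 7515 §4.1.11)."""

def encode_header(header):
    # Builds the first segment of a compact JWS for the constructed samples.
    raw = json.dumps(header, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_header(token):
    # Compact JWS uses unpadded base64url; restore padding before decoding.
    segment = token.split(".")[0]
    header = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(header, dict):
        raise CritError("protected header is not a JSON object")
    return header

def check_crit(header, understood=frozenset()):
    """Raise CritError unless every critical extension is present and understood."""
    if "crit" not in header:
        return
    crit = header["crit"]
    if not isinstance(crit, list) or not crit:
        raise CritError('"crit" must be a non-empty array')
    for name in crit:
        if not isinstance(name, str):
            raise CritError('"crit" entries must be strings')
        if name in JWS_REGISTERED:
            raise CritError(f"registered parameter {name!r} listed in crit")
        if name not in header:
            raise CritError(f"critical parameter {name!r} missing from header")
        if name not in understood:
            raise CritError(f"critical extension {name!r} is not understood")

if __name__ == "__main__":
    # Constructed sample: "x-policy" is a made-up extension name.
    token = encode_header({"alg": "HS256", "crit": ["x-policy"], "x-policy": 1}) + ".e30.sig"
    for understood in (frozenset(), frozenset({"x-policy"})):
        try:
            check_crit(decode_header(token), understood)
            print(sorted(understood), "-> accepted")
        except CritError as exc:
            print(sorted(understood), "-> rejected:", exc)
```

The header check runs in addition to signature verification, not instead of it; a token should be accepted only when both pass.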