Register | Log in

python-jose

Choose email to subscribe with

general

source: python-jose (main)
version: 3.3.0+dfsg-4
maintainer: Debian Python Team (DMD)
uploaders: Michael Fladischer [DMD] – Adam Cecile [DMD]
arch: all
std-ver: 4.6.0.1
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 3.3.0+dfsg-4

versioned links

3.3.0+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python-jose-doc
python3-jose

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2024-33663: python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.
CVE-2024-33664: python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.

Created: 2024-04-26 Last update: 2024-08-04 05:39

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2024-33663: python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.
CVE-2024-33664: python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.

Created: 2024-04-26 Last update: 2024-06-30 13:24

No known security issue in bookworm wishlist

There are 2 open security issues in bookworm.

2 ignored issues:

CVE-2024-33663: python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.
CVE-2024-33664: python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.

Created: 2024-04-26 Last update: 2024-11-16 20:05

news

[2024-08-08] python-jose REMOVED from testing (Debian testing watch)
[2024-08-04] Removed 3.3.0+dfsg-5 from unstable (Debian FTP Masters)
[2024-05-09] python-jose 3.3.0+dfsg-5 MIGRATED to testing (Debian testing watch)
[2024-05-05] Accepted python-jose 3.3.0+dfsg-5 (source) into unstable (Alexandre Detiste)
[2022-11-30] python-jose 3.3.0+dfsg-4 MIGRATED to testing (Debian testing watch)
[2022-11-27] Accepted python-jose 3.3.0+dfsg-4 (source) into unstable (Jelmer Vernooĳ) (signed by: Jelmer Vernooij)
[2022-06-30] python-jose 3.3.0+dfsg-3 MIGRATED to testing (Debian testing watch)
[2022-06-26] Accepted python-jose 3.3.0+dfsg-3 (source) into unstable (Sandro Tosi)
[2022-06-02] python-jose 3.3.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2022-05-30] Accepted python-jose 3.3.0+dfsg-2 (source) into unstable (Sophie Brun)
[2022-02-16] Accepted python-jose 3.3.0+dfsg-1 (source all) into unstable, unstable (Debian FTP Masters) (signed by: Michael Fladischer)

bugs [bug history graph]

all: 0

links

homepage
buildd: logs
popcon
browse source code
edit tags
other distros
security tracker
debci

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing