Debian Package Tracker
Register | Log in
Subscribe

python-jose

Choose email to subscribe with

general
  • source: python-jose (main)
  • version: 3.3.0+dfsg-4
  • maintainer: Debian Python Team (DMD)
  • uploaders: Michael Fladischer [DMD] – Adam Cecile [DMD]
  • arch: all
  • std-ver: 4.6.0.1
  • VCS: Git (Browse)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • stable: 3.3.0+dfsg-4
versioned links
  • 3.3.0+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • python-jose-doc
  • python3-jose
package is gone
This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.
action needed
2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:
  • CVE-2024-33663: python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.
  • CVE-2024-33664: python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.
Created: 2024-04-26 Last update: 2024-08-04 05:39
2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:
  • CVE-2024-33663: python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.
  • CVE-2024-33664: python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.
Created: 2024-04-26 Last update: 2024-06-30 13:24
No known security issue in bookworm wishlist

There are 2 open security issues in bookworm.

2 ignored issues:
  • CVE-2024-33663: python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.
  • CVE-2024-33664: python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.
Created: 2024-04-26 Last update: 2025-02-27 05:02
news
[rss feed]
  • [2024-08-08] python-jose REMOVED from testing (Debian testing watch)
  • [2024-08-04] Removed 3.3.0+dfsg-5 from unstable (Debian FTP Masters)
  • [2024-05-09] python-jose 3.3.0+dfsg-5 MIGRATED to testing (Debian testing watch)
  • [2024-05-05] Accepted python-jose 3.3.0+dfsg-5 (source) into unstable (Alexandre Detiste)
  • [2022-11-30] python-jose 3.3.0+dfsg-4 MIGRATED to testing (Debian testing watch)
  • [2022-11-27] Accepted python-jose 3.3.0+dfsg-4 (source) into unstable (Jelmer Vernooij) (signed by: Jelmer Vernooij)
  • [2022-06-30] python-jose 3.3.0+dfsg-3 MIGRATED to testing (Debian testing watch)
  • [2022-06-26] Accepted python-jose 3.3.0+dfsg-3 (source) into unstable (Sandro Tosi)
  • [2022-06-02] python-jose 3.3.0+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2022-05-30] Accepted python-jose 3.3.0+dfsg-2 (source) into unstable (Sophie Brun)
  • [2022-02-16] Accepted python-jose 3.3.0+dfsg-1 (source all) into unstable, unstable (Debian FTP Masters) (signed by: Michael Fladischer)
bugs [bug history graph]
  • all: 0
links
  • homepage
  • buildd: logs
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing