Format: 1.8
Date: Tue, 28 Apr 2026 16:43:00 +0200
Source: pyjwt
Binary: python-jwt-doc python3-jwt
Architecture: all
Version: 2.10.1-2+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Jochen Sprickerhof
Description:
 python-jwt-doc - Python 3 implementation of JSON Web Token (Documentation)
 python3-jwt - Python 3 implementation of JSON Web Token
Closes: 1130662
Changes:
 pyjwt (2.10.1-2+deb13u1) trixie-security; urgency=medium
 .
   * Team upload
   * Fix CVE-2026-32597: PyJWT did not validate the crit (Critical) Header
     Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit
     array listing extensions that PyJWT does not understand, the library
     accepts the token instead of rejecting it. This violates the MUST
     requirement in the RFC. (Closes: #1130662)
Checksums-Sha1:
 6af068923cbf9ef04c6ce40fc415bad009cd8afe 8702 pyjwt_2.10.1-2+deb13u1_all-buildd.buildinfo
 7e7df1298ae020088918d3d388fcb13527cd12fe 69864 python-jwt-doc_2.10.1-2+deb13u1_all.deb
 f72268b61e4680370e6cde31a7608f910320c1fb 31768 python3-jwt_2.10.1-2+deb13u1_all.deb
Checksums-Sha256:
 85dcdb60e25783d3f4eef55743bc906fc6ac073dcb6e7c14079bf3457fe30e84 8702 pyjwt_2.10.1-2+deb13u1_all-buildd.buildinfo
 d1086f158999adf27ac982058fe6eef9fd808578ff324de0fbf60a8f52e66a2e 69864 python-jwt-doc_2.10.1-2+deb13u1_all.deb
 d6971f1c7b688e7edeff93483ccbab11083bdc19a754a7f5f37d2f7b4a97afe5 31768 python3-jwt_2.10.1-2+deb13u1_all.deb
Files:
 6667556e8258a09f991e69acc0dc8968 8702 python optional pyjwt_2.10.1-2+deb13u1_all-buildd.buildinfo
 6da0d6f659efb758e4c834cbdebd09a9 69864 doc optional python-jwt-doc_2.10.1-2+deb13u1_all.deb
 66e9774a3eef69035279930a1e4f54e8 31768 python optional python3-jwt_2.10.1-2+deb13u1_all.deb
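The crit check that the changelog entry above says was missing, written out as an added example using only the Python standard library; it is not PyJWT's code or the Debian patch. The extension name `x-tenant-policy`, the helper names and the sample tokens are assumptions constructed for illustration, and signature verification is deliberately left out.

```python
import base64
import json

# Header names defined by RFC 7515 section 4.1; producers must not list them in "crit".
REGISTERED = frozenset("alg jku jwk kid x5u x5c x5t x5t#S256 typ cty crit".split())


def protected_header(token: str) -> dict:
    """Decode the protected header of a JWS compact serialization."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    raw = base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4))
    header = json.loads(raw)
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    return header


def check_crit(header: dict, understood=frozenset()) -> None:
    """Raise ValueError unless every name in "crit" is understood here."""
    if "crit" not in header:
        return
    crit = header["crit"]
    if not isinstance(crit, list) or not crit:
        raise ValueError('"crit" must be a non-empty array')
    for name in crit:
        if not isinstance(name, str):
            raise ValueError('"crit" entries must be strings')
        # Malformed lists: rejecting these is the recipient's option (MAY).
        if name in REGISTERED or name not in header:
            raise ValueError(f"{name!r} may not appear in crit")
        # The MUST from the changelog: an unknown extension invalidates the token.
        if name not in understood:
            raise ValueError(f"critical extension {name!r} is not understood")


def make_token(header: dict) -> str:
    """Constructed sample token; the signature bytes are a placeholder."""
    segs = (json.dumps(header).encode(), b'{"sub":"demo"}', b"sig")
    return ".".join(base64.urlsafe_b64encode(s).rstrip(b"=").decode() for s in segs)


def is_acceptable(token: str, understood=frozenset()) -> bool:
    try:
        check_crit(protected_header(token), understood)
        return True
    except ValueError:
        return False
```

A verifier would run this check on the protected header in addition to verifying the signature, passing in `understood` only the extensions it actually implements.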