-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 28 Apr 2026 16:43:00 +0200 Source: pyjwt Architecture: source Version: 2.10.1-2+deb13u1 Distribution: trixie-security Urgency: medium Maintainer: Debian Python Team Changed-By: Jochen Sprickerhof Closes: 1130662 Changes: pyjwt (2.10.1-2+deb13u1) trixie-security; urgency=medium . * Team upload * Fix CVE-2026-32597: PyJWT did not validate the crit (Critical) Header Parameter defined in RFC 7515 ยง4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. (Closes: #1130662) Checksums-Sha1: d6d6dfc56e49467c04042c3a8a6e3a2f8add565b 2387 pyjwt_2.10.1-2+deb13u1.dsc 32480aca964381c48a8d34ed501947ce5ebb6379 87172 pyjwt_2.10.1.orig.tar.gz 8c80cbcae96be0928e176b78e8ad9ab8d9f2ddd3 7872 pyjwt_2.10.1-2+deb13u1.debian.tar.xz ba096eea69ada20975d82ad0bc4eeef0e0dd08e1 7239 pyjwt_2.10.1-2+deb13u1_source.buildinfo Checksums-Sha256: ca3dab81ae322a3215de3565b9132544d55697a5a7f049b76e949743743715de 2387 pyjwt_2.10.1-2+deb13u1.dsc f1f537d12a83da1bb194f19474be5cb48ba772ffa46e21025928964ea504da52 87172 pyjwt_2.10.1.orig.tar.gz d23fe4cf1f22d5b23bf7460cb0060e03126e9de10d1238e6214a63eafa3c8785 7872 pyjwt_2.10.1-2+deb13u1.debian.tar.xz 3a285033ec0031ae82ecc01a7cc0ac675a243168fcb4fe50968ce61c402f8688 7239 pyjwt_2.10.1-2+deb13u1_source.buildinfo Files: ea54285ad0c16de1798c5a6eec860cbb 2387 python optional pyjwt_2.10.1-2+deb13u1.dsc ea9e1857990966e3258e598277a03572 87172 python optional pyjwt_2.10.1.orig.tar.gz 746b397b9b8b103642099f808b92ce13 7872 python optional pyjwt_2.10.1-2+deb13u1.debian.tar.xz 5efc696622f7e2e764193c06f8087576 7239 python optional pyjwt_2.10.1-2+deb13u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEc7KZy9TurdzAF+h6W//cwljmlDMFAmn5eWMACgkQW//cwljm lDPiGg//fuI62I/2eYFdwE0TfndljSSAXE7B0z63/B/JgBS0h+5OgnWzMUUm2pkR H3OqWLR4wG7pX6VosQgx3oDfAGCknCl0a7gNtFRuCnwkMUrOvi9l3JzdAxa+UEbt mvOcqEXJJ7hSYumnnqyBnc8s2oLny+Jlji87PwTQhuKDrPUmly8H1YH8fK3m4hm8 k2Me06wRy5lO7xiSu8JAbwJ6v3o1a995pdNesuPtEm6m8RJYdsUuD2dplS64m0i6 0vGnUQi/ouhJ/1Uj2N5jhrgEX5HhnwJCmKs791aYze1Ku4rDvX2oGsRBUQQnEqHg iUYQyei2qUyDOcMY09bPi6VmcGXLzgYCOhsYhGDduh8qPyRDV84UT0/s3jesSFQ6 F1sEAt2JRV1K6g2VoUXMO1Qe6VvnpGzsujrmBrKIQlOjaFpnjxJSVDXz7ryjQc5i fhi9JzA2DmRn/9EsfVTR5kIuH0cG1H8q7LSJqduSFH9fckBBvs0pZV1te9Jok1j4 BedAEfz9Ib9F9ASVFt5Fw+FmxBeLquUf4e+u2sqj1VveDxd7b7A/wdfslV8fiKam HhG7kqjMWFHTHmZtSEhuGEpFjcu4/HiESdIEWm80+pJAwFHXl7/4bm51hgG7h/5x rKSmPQLissBJldPKaEv30W9V4yLtzaUZvazL3Yoee3EqVkt48qk= =RDtI -----END PGP SIGNATURE-----