Adding patchinfo patchinfo.20241204103913449963.255638743075857

2024-12-05 14:25:42 +01:00 · 2024-12-05 14:25:42 +01:00 · 62cb5539d2
commit 62cb5539d2
parent 528167e682
1 changed files with 21 additions and 0 deletions
--- a/patchinfo.20241204103913449963.255638743075857/_patchinfo
+++ b/patchinfo.20241204103913449963.255638743075857/_patchinfo
@ -0,0 +1,21 @@
+<patchinfo>
+  <!-- generated from request(s) 332835 -->
+  <issue tracker="bnc" id="1223417">VUL-0: CVE-2024-33663: python-python-jose: algorithm confusion with OpenSSH ECDSA keys and other key formats</issue>
+  <issue tracker="bnc" id="1223422">VUL-0: CVE-2024-33664: python-python-jose: denial of service via decoding of a JSON Web Encryption (JWE ) token with a high compression ratio</issue>
+  <issue tracker="cve" id="2024-33663"/>
+  <issue tracker="cve" id="2024-33664"/>
+  <issue tracker="gh" id="mpdavis/python-jose#345"/>
+  <issue tracker="gh" id="mpdavis/python-jose#349"/>
+  <issue tracker="gh" id="mpdavis/python-jose#350"/>
+  <packager>dgarcia</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for python-python-jose</summary>
+  <description>This update for python-python-jose fixes the following issues:
+
+- CVE-2024-33664: Fixed denial of service via decoding of a JSON Web Encryption (bsc#1223422)
+- CVE-2024-33663: Fixed algorithm confusion with OpenSSH ECDSA keys (bsc#1223417)
+</description>
+  <package>python-python-jose</package>
+  <seperate_build_arch/>
+</patchinfo>