freeipa team mailing list archive

Thread
Date

[Bug 1869215] Re: [MIR] python-jwcrypto

To: freeipa@xxxxxxxxxxxxxxxxxxx
From: James Page <james.page@xxxxxxxxxx>
Date: Fri, 17 Apr 2020 10:35:32 -0000
Reply-to: Bug 1869215 <1869215@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Looking to see if we can defer this as security team have it targetted
for 20.10.

I think it may be an optional runtime dependency.

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to python-jwcrypto in Ubuntu.
https://bugs.launchpad.net/bugs/1869215

Title:
  [MIR] python-jwcrypto

Status in python-jwcrypto package in Ubuntu:
  New

Bug description:
  [Availability]
  In universe

  [Rationale]
  New dependency for websockify

  [Security]
  https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jwcrypto

  One CVE from 2016 in older released version (resolved).

  [Quality assurance]
  Package has tests which are run as part of the package build.

  [Dependencies]
  All in main.

  [Standards compliance]
  OK

  [Maintenance]
  ubuntu-openstack

  [Background Information]
  JWCrypto is an implementation of the Javascript Object Signing and Encryption (JOSE) Web Standards as they are being developed in the JOSE IETF Working Group and related technology.

  JWCrypto is Python2 and Python3 compatible and uses the Cryptography
  package for all the crypto functions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-jwcrypto/+bug/1869215/+subscriptions

References

[Bug 1869215] [NEW] [MIR] python-jwcrypto
From: James Page, 2020-03-26