pyjwt (1.3.0-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: symmetric/asymmetric key confusion attacks
    - debian/patches/CVE-2017-11424.patch: Throw if key is an PKCS1
      PEM-encoded public key in jwt/algorithms.py,
      tests/keys/testkey_pkcs1.pub.pem, tests/test_algorithms.py.
    - CVE-2017-11424

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Tue, 29 Aug 2017 09:49:43 -0300

pyjwt (1.3.0-1) unstable; urgency=medium

  * New upstream release.
    - Add a check so that asymmetric keys cannot be used as HMAC
      secrets. See for more details:
      https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
  * debian/control
    - Update Homepage field.
    - Add python{,3}-cryptography to Build-Depends and Recommends.
      (Closes: #780630)
    - Add python{,3}-crypto to Suggests.
    - Bump Standards-Version to 3.9.6 (no changes needed).
  * debian/copyright
    - Update Upstream-Contact to reflect new upstream author.
    - Update copyright years.
  * debian/patches/01_do-not-use-pytest-runner.patch
    - Remove pytest-runner form setup_requires since it's not packaged for
      Debian yet.
  * debian/watch
    - Use pypi.debian.net redirector.

 -- Daniele Tricoli <eriol@mornie.org>  Fri, 10 Jul 2015 02:12:06 +0200

pyjwt (0.2.1-1) unstable; urgency=low

  * Initial release (Closes: #755832)

 -- Daniele Tricoli <eriol@mornie.org>  Fri, 29 Aug 2014 04:20:04 +0200
