Implements JWK, JWS, JWE specifications using python-cryptography
Rafael Guterres Jeffman 4c6c2f53c0 Fix CVE-2026-39373: Memory exhaustion via crafted compressed JWE tokens
Backport upstream commit 25db861d to fix CVE-2026-39373.
This introduces a maximum plaintext size limit (defaulting to 100MB)
during JWE decryption to mitigate memory exhaustion and decompression
bomb attacks when processing highly compressed malicious JWE payloads.

Resolves: RHEL-166011
Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2026-04-16 19:48:48 -03:00
tests Added gating.yaml and tests for python-jwcrypto 2024-06-28 15:36:31 +05:30
.gitignore Rebase to version 1.5.6 2024-06-12 11:32:54 -03:00
0001-Limit-max-plaintext-size-for-JWE-decompression.patch Fix CVE-2026-39373: Memory exhaustion via crafted compressed JWE tokens 2026-04-16 19:48:48 -03:00
changelog Update to 1.4 2022-09-13 13:37:22 -04:00
gating.yaml Added gating.yaml and tests for python-jwcrypto 2024-06-28 15:36:31 +05:30
python-jwcrypto.spec Fix CVE-2026-39373: Memory exhaustion via crafted compressed JWE tokens 2026-04-16 19:48:48 -03:00
sources Rebase to version 1.5.6 2024-06-12 11:32:54 -03:00