{"id":"openSUSE-SU-2025:0004-1","summary":"Security update for rubygem-json-jwt","details":"This update for rubygem-json-jwt fixes the following issues:\n\n- New upstream release 1.16.6, see bundled CHANGELOG.md\n\n- Remove padding oracle by @btoews in https://github.com/nov/json-jwt/pull/109\n- Fixes CVE-2023-51774 boo#1220727\n\n- updated to version 1.11.0\n  - no changelog found\n  - Fixes CVE-2019-18848 boo#1156649 \n\n","modified":"2026-02-04T04:39:42.384646Z","published":"2025-01-07T17:01:48Z","related":["CVE-2019-18848","CVE-2023-51774"],"upstream":["CVE-2019-18848","CVE-2023-51774"],"references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FICWL2K7EGMUBVQ6CHEQYANYFEU4XBG4/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1156649"},{"type":"REPORT","url":"https://bugzilla.suse.com/1220727"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18848"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-51774"}],"affected":[{"package":{"name":"rubygem-aes_key_wrap","ecosystem":"SUSE:Package Hub 15 SP5","purl":"pkg:rpm/suse/rubygem-aes_key_wrap&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.0-bp155.2.1"}]}],"ecosystem_specific":{"binaries":[{"ruby2.5-rubygem-json-jwt-doc":"1.16.6-bp155.3.3.1","ruby2.5-rubygem-aes_key_wrap":"1.1.0-bp155.2.1","ruby2.5-rubygem-aes_key_wrap-doc":"1.1.0-bp155.2.1","ruby2.5-rubygem-json-jwt":"1.16.6-bp155.3.3.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2025:0004-1.json"}},{"package":{"name":"rubygem-json-jwt","ecosystem":"SUSE:Package Hub 15 SP5","purl":"pkg:rpm/suse/rubygem-json-jwt&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.6-bp155.3.3.1"}]}],"ecosystem_specific":{"binaries":[{"ruby2.5-rubygem-json-jwt-doc":"1.16.6-bp155.3.3.1","ruby2.5-rubygem-aes_key_wrap":"1.1.0-bp155.2.1","ruby2.5-rubygem-aes_key_wrap-doc":"1.1.0-bp155.2.1","ruby2.5-rubygem-json-jwt":"1.16.6-bp155.3.3.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2025:0004-1.json"}},{"package":{"name":"rubygem-aes_key_wrap","ecosystem":"openSUSE:Leap 15.5","purl":"pkg:rpm/opensuse/rubygem-aes_key_wrap&distro=openSUSE%20Leap%2015.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.0-bp155.2.1"}]}],"ecosystem_specific":{"binaries":[{"ruby2.5-rubygem-json-jwt-doc":"1.16.6-bp155.3.3.1","ruby2.5-rubygem-aes_key_wrap":"1.1.0-bp155.2.1","ruby2.5-rubygem-aes_key_wrap-doc":"1.1.0-bp155.2.1","ruby2.5-rubygem-json-jwt":"1.16.6-bp155.3.3.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2025:0004-1.json"}},{"package":{"name":"rubygem-json-jwt","ecosystem":"openSUSE:Leap 15.5","purl":"pkg:rpm/opensuse/rubygem-json-jwt&distro=openSUSE%20Leap%2015.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.6-bp155.3.3.1"}]}],"ecosystem_specific":{"binaries":[{"ruby2.5-rubygem-json-jwt-doc":"1.16.6-bp155.3.3.1","ruby2.5-rubygem-aes_key_wrap":"1.1.0-bp155.2.1","ruby2.5-rubygem-aes_key_wrap-doc":"1.1.0-bp155.2.1","ruby2.5-rubygem-json-jwt":"1.16.6-bp155.3.3.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2025:0004-1.json"}}],"schema_version":"1.7.3"}