It was discovered that PyJWT did not validate the critical header parameter, contrary to the RFC specification expectations. A remote attacker could possibly use this issue to bypass certain authentication checks and restrictions.
2.3.0-1ubuntu0.32.7.0-1ubuntu0.12.10.1-2ubuntu0.11.3.0-1ubuntu0.1+esm11.5.3+ds1-1ubuntu0.1+esm11.7.1-2ubuntu2.1+esm1