Ubuntu Security Notice 5526-1 - Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to forge a JWT signature.
9f4662cb5a95ee03ce93366d52dac96d27a5c0d5e8a2c08609919e3ec43b155f