*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):
The latest version on 18.04 is 1.0.3-1ubuntu1 The git repo at https://github.com/google/brotli says > Please consider updating brotli to version 1.0.9 (latest). > > Version 1.0.9 contains a fix to "integer overflow" problem. This happens when > "one-shot" decoding > API is used (or input chunk for streaming API is not > limited), input size (chunk size) is larger > than 2GiB, and input contains > uncompressed blocks. After the overflow happens, memcpy is invoked > with a > gigantic num value, that will likely cause the crash. ** Affects: brotli (Ubuntu) Importance: Undecided Status: New -- libbrotli1 upgrade to 1.0.9 due to security https://bugs.launchpad.net/bugs/1978821 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
