This bug was fixed in the package brotli - 0.3.0+dfsg-2ubuntu1
---
brotli (0.3.0+dfsg-2ubuntu1) xenial-security; urgency=medium
* SECURITY UPDATE: integer underflow in dec/decode.c (LP: #1737364)
- debian/patches/fix-integer-underflow.patch: upstream patch via Debian
- CVE-2
ACK on the debdiff in comment #1. Package is building now and will be
released as a security update. Thanks!
** Also affects: brotli (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: brotli (Ubuntu)
Status: New => Fix Released
** Changed in: brotli (Ubuntu Xenial)