Ah yes, that CVE was fixed in all our releases, so I am marking this bug
as invalid. Thanks!
** Changed in: brotli (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
It's CVE-2020-8927
Apparently the earlier versions of Brotli have been patched, see
https://usn.ubuntu.com/4568-1/
Still, it's confusing to see an earlier version and be unsure whether it
was patched or not. I would think that a change from 1.0.3 or 1.0.7 to
1.0.9 would be safe.
** CVE added:
I'm making this bug public, since the issue is listed on a public page.
Curiously, I could not find a CVE for this issue.
--
https://bugs.launchpad.net/bugs/1978821
Title:
** Information type changed from Private Security to Public Security
** Changed in: brotli (Ubuntu)
Status: New => Confirmed