[Bug 1978821] Re: libbrotli1 upgrade to 1.0.9 due to security
Ah yes, that CVE was fixed in all our releases, so I am marking this bug as invalid. Thanks! ** Changed in: brotli (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1978821 Title: libbrotli1 upgrade to 1.0.9 due to security To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/brotli/+bug/1978821/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1978821] Re: libbrotli1 upgrade to 1.0.9 due to security
It's CVE-2020-8927 Apparently the earlier versions of Brotli have been patched, see https://usn.ubuntu.com/4568-1/ Still, it's confusing to see an earlier version and be unsure whether it was patched or not. I would think that a change from 1.0.3 or 1.0.7 to 1.0.9 would be safe. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-8927 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1978821 Title: libbrotli1 upgrade to 1.0.9 due to security To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/brotli/+bug/1978821/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1978821] Re: libbrotli1 upgrade to 1.0.9 due to security
I'm making this bug public, since the issue is listed on a public page. Curiously, I could not find a CVE for this issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1978821 Title: libbrotli1 upgrade to 1.0.9 due to security To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/brotli/+bug/1978821/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1978821] Re: libbrotli1 upgrade to 1.0.9 due to security
** Information type changed from Private Security to Public Security ** Changed in: brotli (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1978821 Title: libbrotli1 upgrade to 1.0.9 due to security To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/brotli/+bug/1978821/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs