It's CVE-2020-8927. Apparently the earlier versions of Brotli have been patched; see https://usn.ubuntu.com/4568-1/
Still, it's confusing to see an earlier version and be unsure whether it was patched or not. I would think that a change from 1.0.3 or 1.0.7 to 1.0.9 would be safe.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-8927

--
https://bugs.launchpad.net/bugs/1978821

Title:
  libbrotli1 upgrade to 1.0.9 due to security