libbrotli1 upgrade to 1.0.9 due to security
Bug #1978821 reported by Robert
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
brotli (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
The latest version on 18.04 is 1.0.3-1ubuntu1
The git repo at https:/
> Please consider updating brotli to version 1.0.9 (latest).
>
> Version 1.0.9 contains a fix to "integer overflow" problem. This happens when "one-shot" decoding API is used (or input chunk for streaming API is not limited), input size (chunk size) is larger than 2GiB, and input contains uncompressed blocks. After the overflow happens, memcpy is invoked with a gigantic num value, that will likely cause the crash.
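
The quoted description ties the overflow to a single decoder call receiving more than 2GiB of input. The following is an added example, not code from this bug report or from the brotli project: a caller-side guard that hands input to a streaming decoder in capped chunks. `feed_fn`, `feed_bounded`, `TWO_GIB` and the recording stub are hypothetical names standing in for a real decoder's streaming call, and the input buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a streaming decoder call: returns bytes consumed, 0 on error. */
typedef size_t (*feed_fn)(void *ctx, const uint8_t *in, size_t len);
#define TWO_GIB ((size_t)1 << 31)

/* Hand len bytes to the decoder in pieces of at most cap bytes, so no single
 * call sees an input size near 2 GiB. Returns 0 on success, -1 on failure. */
int feed_bounded(feed_fn feed, void *ctx, const uint8_t *in, size_t len, size_t cap)
{
    if (feed == NULL || cap == 0 || cap >= TWO_GIB)
        return -1;                      /* refuse an unusable or unsafe cap */
    while (len > 0) {
        size_t chunk = len < cap ? len : cap;
        size_t used = feed(ctx, in, chunk);
        if (used == 0 || used > chunk)
            return -1;                  /* error, stall, or bogus count */
        in += used;
        len -= used;
    }
    return 0;
}

/* Constructed test double: records what the "decoder" was handed. */
struct stats { size_t largest, total; };
static size_t record_feed(void *ctx, const uint8_t *in, size_t len)
{
    struct stats *s = ctx;
    (void)in;
    if (len > s->largest) s->largest = len;
    s->total += len;
    return len;
}

/* Feed a constructed zero buffer; returns the largest chunk seen, 0 on failure. */
size_t demo_largest(size_t len, size_t cap)
{
    static const uint8_t buf[4096] = {0};
    struct stats s = {0, 0};
    if (len > sizeof buf || feed_bounded(record_feed, &s, buf, len, cap) != 0)
        return 0;
    return s.total == len ? s.largest : 0;
}

int main(void)
{
    printf("largest chunk: %zu\n", demo_largest(4096, 1000));
    return 0;
}
```

The guard limits only the streaming path; per the quoted description, a "one-shot" call with a large input is not covered by it.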
CVE References
affects: | curl (Ubuntu) → brotli (Ubuntu) |
information type: | Private Security → Public Security |
Changed in brotli (Ubuntu): | |
status: | New → Confirmed |
I'm making this bug public, since the issue is listed on a public page.
Curiously, I could not find a CVE for this issue.