Comment 2 for bug 1978821

It's CVE-2020-8927

Apparently the earlier versions of Brotli have been patched, see https://usn.ubuntu.com/4568-1/

Still, it's confusing to see an earlier version and be unsure whether it was patched or not. I would think that a change from 1.0.3 or 1.0.7 to 1.0.9 would be safe.