Fedora Linux 8775 Published by

A brotli security update has been released for Fedora 33.



SECURITY: Fedora 33 Update: brotli-1.0.9-3.fc33


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-c76a35b209
2020-10-23 22:01:02.259539
--------------------------------------------------------------------------------

Name : brotli
Product : Fedora 33
Version : 1.0.9
Release : 3.fc33
URL :   https://github.com/google/brotli
Summary : Lossless compression algorithm
Description :
Brotli is a generic-purpose lossless compression algorithm that compresses
data using a combination of a modern variant of the LZ77 algorithm, Huffman
coding and 2nd order context modeling, with a compression ratio comparable
to the best currently available general-purpose compression methods.
It is similar in speed with deflate but offers more dense compression.

--------------------------------------------------------------------------------
Update Information:

Update to 1.0.9, fixes CVE-2020-8927
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 1 2020 Travis Kendrick - 1.0.9-3
- Apparently %autosetup calls %patch on its own
* Thu Oct 1 2020 Travis Kendrick - 1.0.9-2
- Fix pc file (#1884364)
* Wed Sep 30 2020 Travis Kendrick - 1.0.9-1
- Update to 1.0.9 (#1872932)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1879226 - CVE-2020-8927 brotli: buffer overflow when input chunk is larger than 2GiB [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=1879226
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-c76a35b209' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys