This bug was fixed in the package brotli - 0.3.0+dfsg-2ubuntu1
---
brotli (0.3.0+dfsg-2ubuntu1) xenial-security; urgency=medium
* SECURITY UPDATE: integer underflow in dec/decode.c (LP: #1737364)
- debian/patches/fix-integer-underflow.patch: upstream patch via Debian
- CVE-2
ACK on the debdiff in comment #1. Package is building now and will be
released as a security update. Thanks!
** Also affects: brotli (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: brotli (Ubuntu)
Status: New => Fix Released
** Changed in: brotli (Ubuntu Xenial)
** Patch added: "brotli-xenial-lp1737364.debdiff"
https://bugs.launchpad.net/ubuntu/+source/brotli/+bug/1737364/+attachment/5020748/+files/brotli-xenial-lp1737364.debdiff
** Tags added: patch
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1624
** CVE added: https://cve.mit
