/ 
IO-Compress-Brotli-0.004_002
Security Advisories (1)
CVE-2020-8927 (2020-09-15)

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.

Changes for version 0.004_002 - 2019-06-11

  • Make unbro not require maximum buffer size (RT #129480)
  • Add "binmode FH" to 01-uncompress.t (RT #125995)
  • Fix link in POD
  • Update POD for bro to include configurables (thanks, Mark Zabaro)
  • Update included Brotli library to v1.0.7

Modules

IO::Compress::Brotli
Write Brotli buffers/streams
IO::Uncompress::Brotli
Read Brotli buffers/streams

Other files