google / brotli

Brotli compression format
MIT License

Discrepancy between v1.0.8 git and v1.0.8 tarball #831

Closed jengelh closed 4 years ago

jengelh commented 4 years ago
diff -dpru brotli-1.0.8/README.md brotli/README.md
--- brotli-1.0.8/README.md      2020-08-26 17:13:31.000000000 +0200
+++ brotli/README.md    2020-08-27 16:07:10.742994985 +0200
@@ -1,5 +1,11 @@
 <p align="center"><img src="https://brotli.org/brotli.svg" alt="Brotli" width="64"></p>

+# SECURITY NOTE
+
+Please consider updating brotli to version 1.0.8 (latest).
+
+Version 1.0.8 contains a fix to "integer overflow" problem. This happens when "one-shot" decoding API is used (or input chunk for strea>
+
 ### Introduction

 Brotli is a generic-purpose lossless compression algorithm that compresses data
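Review bot: The added "SECURITY NOTE" section hard-codes "version 1.0.8 (latest)", which goes stale as soon as another release is cut; wording such as "1.0.8 or later" would stay correct. The note also gives no advisory identifier or link for the "integer overflow" fix, so a reader cannot check which versions are affected; a reference next to that sentence would help. Minor wording: 'a fix to "integer overflow" problem' reads better as 'a fix for an integer overflow problem'.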

It would appear that the v1.0.8 tarball references code from d052918 rather than db361a0.

Don't ever replace tags. GitHub apparently does not support it - and git clients also do not force-update tags.

eustas commented 4 years ago

Re-released as 1.0.9

eustas commented 4 years ago

Thanks for the heads-up