mirror of
https://github.com/google/brotli.git
synced 2026-07-08 17:56:58 +00:00
Fix CVE-2025-6176 vulnerability #556
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @marek-elisity on GitHub (Nov 1, 2025).
Hello, is it planned to fix this vulnerability: CVE-2025-617?
@danjac commented on GitHub (Nov 2, 2025):
It appears to be fixed in 1.2.0, but this is still pending deployment to PyPi.
@xjw00654 commented on GitHub (Nov 2, 2025):
I just built the wheel for py 3.10 using the command below from gpt using the gh action file as the context...
hope these file could help:
brotli-1.2.0-cp310-cp310____wheel-packages.zip
BTW, I am not 100% sure the wheel package is configurated & built correctly (even it works fine in my case), please double check before deploying it into any prod env.
@gsmethells commented on GitHub (Nov 3, 2025):
I see " google_opensource" listed as a maintainer on the PyPi.org page but who do we contact for that @google-admin ?
@Cycloctane commented on GitHub (Nov 6, 2025):
Technically this cve is not for brotli. (See my original security report) Simply upgrading brotli version to v1.2.0 does not fix anything.
To prevent similar DoS vulnerability if application needs to handle compressed data from user inputs, also adjust your codes and make use of
output_buffer_limitto limit the data size in every decompress operation.@eustas commented on GitHub (Nov 7, 2025):
PyPI package uploaded.