|
|
Boost : |
Subject: Re: [boost] [1.53.0] Release candidates available
From: Eric Niebler (eric_at_[hidden])
Date: 2013-02-01 16:39:06
Daniel, would you be able to add a note like this to the website like we
did for the result_of change?
Eric
On 02/01/2013 02:08 AM, Artyom Beilis wrote:
> Hello,
>
> Can you please make the security note about Boost.Locale more visible?
> It is an important part of release notes.
>
> See: http://thread.gmane.org/gmane.comp.lib.boost.devel/237615
>
> I think this note should be somewhere in noticeable place:
>
> -------------------------------------------------------------------------
> Note Begin
> -------------------------------------------------------------------------
> Boost.Locale library in Boost 1.48 to 1.52 including has a security flow.
>
> boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences.
>
> Applications that used these functions for UTF-8 input validation could
> expose themselves to security threats as invalid UTF-8 sequece would be
> considered as valid.
>
> This bug is fixed in upcoming Boost 1.53.
>
> For more details see: https://svn.boost.org/trac/boost/ticket/7743
>
> Users who can't upgrade to the latest versions may apply the following
> patch to fix the problem.
>
> http://cppcms.com/files/locale/boost_locale_utf.patch
> -------------------------------------------------------------------------
> Note End
> -------------------------------------------------------------------------
>
>
> Thanks
>
> Artyom Beilis
> --------------
> CppCMS - C++ Web Framework: http://cppcms.com/
> CppDB - C++ SQL Connectivity: http://cppcms.com/sql/cppdb/
>
>
>
>> ________________________________
>> From: Marshall Clow <mclow.lists_at_[hidden]>
>> To: Boost Developers List <boost_at_[hidden]>
>> Sent: Thursday, January 31, 2013 7:22 AM
>> Subject: [boost] [1.53.0] Release candidates available
>>
>> Release candidate files for 1.53.0 are available at
>> http://boost.cowic.de/rc/
>>
>> As always, the release managers would appreciate it if you download
>> the candidate of your choice and give building it a try. Please report
>> both success and failure, and anything else that is noteworthy.
>>
>> This helps ensure the candidates build OK before we push them out to
>> SourceForge.
>>
>> The files (and associated md5s) are:
>> 57a9e2047c0f511c4dfcf00eb5eb2fbb *boost_1_53_0_rc1.tar.gz
>> a00d22605d5dbcfb4c9936a9b35bc4c2 *boost_1_53_0_rc1.tar.bz2
>> c618e030fd4882e4dbacf54baf824544 *boost_1_53_0_rc1.zip
>> cc680cab53a5405ca102a10d43b92b88 *boost_1_53_0_rc1.7z
>>
>> Thanks!
>>
>> -- The release managers
>>
>> _______________________________________________
>> Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
>>
>>
>>
>
> _______________________________________________
> Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
>
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk