Subject: Re: [boost] [Locale] Security bug announcement - UTF-8 validation
From: Andrey Semashev (andrey.semashev_at_[hidden])
Date: 2013-01-04 09:26:10
On Friday 04 January 2013 06:15:27 Artyom Beilis wrote:
> Boost.Locale library in Boost 1.48 to 1.52 including has a security flow.
> boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences.
> Applications that used these functions for UTF-8 input validation could
> expose themself to security threats as invalid UTF-8 sequece would be
> considered as valid.
> This bug is fixed in upcoming Boost 1.53.
> For more details see: https://svn.boost.org/trac/boost/ticket/7743
> Users who can't upgrade to the latest versions may apply the following patch
> to fix the problem.
Perhaps, this should be announced in 1.53 release notes?
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk