Boost Users :

Subject: [Boost-users] [Locale] Security bug announcement - UTF-8 validation
From: Artyom Beilis (artyomtnk_at_[hidden])
Date: 2013-01-04 09:15:27

• Next message: Gonzalo Garramuno: "[Boost-users] Problem finally found!"
• Previous message: Gonzalo Garramuno: "Re: [Boost-users] Server failing when BOOST_ASIO_ENABLE_HANDLER_TRACKING is active"

Hello, Boost.Locale library in Boost 1.48 to 1.52 including has a security flow. boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences. Applications that used these functions for UTF-8 input validation could expose themself to security threats as invalid UTF-8 sequece would be considered as valid. This bug is fixed in upcoming Boost 1.53. For more details see: https://svn.boost.org/trac/boost/ticket/7743 Users who can't upgrade to the latest versions may apply the following patch to fix the problem. http://cppcms.com/files/locale/boost_locale_utf.patch Regards,   Artyom Beilis -------------- CppCMS - C++ Web Framework:   http://cppcms.com/ CppDB - C++ SQL Connectivity: http://cppcms.com/sql/cppdb/

• text/html attachment: attachment

• Next message: Gonzalo Garramuno: "[Boost-users] Problem finally found!"
• Previous message: Gonzalo Garramuno: "Re: [Boost-users] Server failing when BOOST_ASIO_ENABLE_HANDLER_TRACKING is active"

Boost-users list run by williamkempf at hotmail.com, kalb at libertysoft.com, bjorn.karlsson at readsoft.com, gregod at cs.rpi.edu, wekempf at cox.net