boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
boost1.49 (Ubuntu) | Invalid | Undecided | Unassigned | | |
Bug Description
Reviewing the Boost updates, I post here a security warning, and an available patch for versions older than the actual 1.53.
*********
Boost.Locale library in Boost 1.48 to 1.52 including has a security flaw.
boost::
Applications that used these functions for UTF-8 input validation could expose themselves to security threats as invalid UTF-8 sequences would be considered as valid.
This bug is fixed in upcoming Boost 1.53.
Users who can't upgrade to the latest versions may apply the following patch to fix the problem.
http://
So please rebuild the raring packages with that patch (and quantal/precise/... too)
http://
ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: libboost-
ProcVersionSign
Uname: Linux 3.8.0-6-generic i686
NonfreeKernelMo
ApportVersion: 2.8-0ubuntu4
Architecture: i386
Date: Sat Feb 16 15:05:43 2013
MarkForUpload: True
SourcePackage: boost1.49
UpgradeStatus: No upgrade log present (probably fresh install)
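An independent strict UTF-8 check of the kind an application can run on untrusted input instead of trusting one library's answer, as an added example that is not part of the bug report and is not Boost's code or patch. The report does not say which sequences were wrongly accepted, so this goes beyond it and rejects every ill-formed class in RFC 3629; the function names and sample strings are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Hypothetical helper (not a Boost API): strict UTF-8 check per RFC 3629.
// Returns the byte offset of the first ill-formed sequence, or npos if valid.
std::size_t first_invalid_utf8(const std::string& s) {
    const unsigned char* p = reinterpret_cast<const unsigned char*>(s.data());
    const std::size_t n = s.size();
    std::size_t i = 0;
    while (i < n) {
        const unsigned char lead = p[i];
        std::size_t len = 0;
        std::uint32_t cp = 0, lowest = 0;  // lowest = smallest code point allowed at this length
        if (lead < 0x80) { ++i; continue; }                                   // ASCII
        else if ((lead & 0xE0) == 0xC0) { len = 2; cp = lead & 0x1F; lowest = 0x80; }
        else if ((lead & 0xF0) == 0xE0) { len = 3; cp = lead & 0x0F; lowest = 0x800; }
        else if ((lead & 0xF8) == 0xF0) { len = 4; cp = lead & 0x07; lowest = 0x10000; }
        else return i;                     // stray continuation byte, or lead byte 0xF8..0xFF
        if (n - i < len) return i;         // sequence truncated by end of input
        for (std::size_t k = 1; k < len; ++k) {
            const unsigned char c = p[i + k];
            if ((c & 0xC0) != 0x80) return i;  // trail byte is not 10xxxxxx
            cp = (cp << 6) | (c & 0x3F);
        }
        if (cp < lowest) return i;                   // overlong encoding
        if (cp >= 0xD800 && cp <= 0xDFFF) return i;  // UTF-16 surrogate
        if (cp > 0x10FFFF) return i;                 // beyond the Unicode range
        i += len;
    }
    return std::string::npos;
}

bool is_valid_utf8(const std::string& s) {
    return first_invalid_utf8(s) == std::string::npos;
}

int main() {
    // Constructed samples: one valid string, then one per ill-formed class.
    const char* samples[] = { "h\xC3\xA9llo", "\xC0\xAF", "\xED\xA0\x80",
                              "\xF4\x90\x80\x80", "\xE2\x82", "\x80" };
    for (const char* s : samples)
        std::printf("%s\n", is_valid_utf8(s) ? "valid" : "INVALID");
    return 0;
}
```

Running the same constructed samples through the library call an application relies on, and comparing the verdicts, shows whether an installed build disagrees with the strict result.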
description: | updated |
description: | updated |
Changed in boost1.49 (Ubuntu): | |
status: | New → Invalid |
The patch in #2 comes from the link posted in the initial report description above.