Comment 0 for bug 1606184

It was assumed that PO and MO files would come from trusted translators, without any attempts to potentially exploit the service being translated. While there was still no case where this has been exploited, we should move to the same parsing logic gettext C library uses:

  * http://git.savannah.gnu.org/cgit/gettext.git/tree/gettext-runtime/intl/plural-exp.c
  * http://git.savannah.gnu.org/cgit/gettext.git/tree/gettext-runtime/intl/plural-exp.h
  * http://git.savannah.gnu.org/cgit/gettext.git/tree/gettext-runtime/intl/plural.y

This has been reported by Jean-Marie Bourbon as affecting NagVis, which has since fixed it by commenting out all the plural forms code: https://github.com/NagVis/nagvis/commit/4fe8672a5aec3467da72b5852ca6d283c15adb53

Jean-Marie was also kind enough to start a CVE 2016-6175 for this issue.