dx-packages team mailing list archive
Message #29124
[Bug 1127250] Re: boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences.
** Changed in: boost1.49 (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of DX
Packages, which is subscribed to boost1.49 in Ubuntu.
https://bugs.launchpad.net/bugs/1127250
Title:
boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences.
Status in boost1.49 package in Ubuntu:
Invalid
Bug description:
Reviewing the boost updates, I post here a security warning, and an
available patch for versions older than the actual 1.53
*********
The Boost.Locale library in Boost 1.48 to 1.52 inclusive has a security flaw.
boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences.
Applications that used these functions for UTF-8 input validation could expose themselves to security threats as invalid UTF-8 sequences would be considered as valid.
This bug is fixed in upcoming Boost 1.53.
Users who can't upgrade to the latest versions may apply the following patch to fix the problem.
http://cppcms.com/files/locale/boost_locale_utf.patch
So please rebuild the raring packages with that patch (and
quantal/precise/... too)
http://www.boost.org/users/news/boost_locale_security_notice.html
ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: libboost-system1.49.0 1.49.0-3.2ubuntu1
ProcVersionSignature: Ubuntu 3.8.0-6.13-generic 3.8.0-rc7
Uname: Linux 3.8.0-6-generic i686
NonfreeKernelModules: nvidia
ApportVersion: 2.8-0ubuntu4
Architecture: i386
Date: Sat Feb 16 15:05:43 2013
MarkForUpload: True
SourcePackage: boost1.49
UpgradeStatus: No upgrade log present (probably fresh install)