4 Jan
2013
4 Jan
'13
2:26 p.m.
On Friday 04 January 2013 06:15:27 Artyom Beilis wrote:
Hello,
Boost.Locale library in Boost 1.48 to 1.52 including has a security flow.
boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences.
Applications that used these functions for UTF-8 input validation could expose themself to security threats as invalid UTF-8 sequece would be considered as valid.
This bug is fixed in upcoming Boost 1.53.
For more details see: https://svn.boost.org/trac/boost/ticket/7743
Users who can't upgrade to the latest versions may apply the following patch to fix the problem.
Perhaps, this should be announced in 1.53 release notes?