** Changed in: boost1.49 (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of DX Packages, which is subscribed to boost1.49 in Ubuntu. https://bugs.launchpad.net/bugs/1127250
Title: boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences. Status in boost1.49 package in Ubuntu: Invalid Bug description: Reviewing the boost updates, i post here a security warning, and an available patch for version older than the actual 1.53 ********* Boost.Locale library in Boost 1.48 to 1.52 including has a security flaw. boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences. Applications that used these functions for UTF-8 input validation could expose themselves to security threats as invalid UTF-8 sequece would be considered as valid. This bug is fixed in upcoming Boost 1.53. Users who can't upgrade to the latest versions may apply the following patch to fix the problem. http://cppcms.com/files/locale/boost_locale_utf.patch So please rebuild the raring packages with that patch (and quantal/precise/... too) http://www.boost.org/users/news/boost_locale_security_notice.html ProblemType: Bug DistroRelease: Ubuntu 13.04 Package: libboost-system1.49.0 1.49.0-3.2ubuntu1 ProcVersionSignature: Ubuntu 3.8.0-6.13-generic 3.8.0-rc7 Uname: Linux 3.8.0-6-generic i686 NonfreeKernelModules: nvidia ApportVersion: 2.8-0ubuntu4 Architecture: i386 Date: Sat Feb 16 15:05:43 2013 MarkForUpload: True SourcePackage: boost1.49 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/boost1.49/+bug/1127250/+subscriptions -- Mailing list: https://launchpad.net/~dx-packages Post to : dx-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~dx-packages More help : https://help.launchpad.net/ListHelp