https://bugzilla.novell.com/show_bug.cgi?id=802955
https://bugzilla.novell.com/show_bug.cgi?id=802955#c0

           Summary: Boost.Locale library in Boost 1.48 to 1.52 including has a security flaw
    Classification: openSUSE
           Product: openSUSE Factory
           Version: 12.3 Beta 1
          Platform: x86
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
        AssignedTo: security-team@suse.de
        ReportedBy: davejplater@gmail.com
         QAContact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0

Searching for a solution to a locale build problem I found this notice at
http://www.boost.org/users/news/boost_locale_security_notice.html :

Boost.Locale library in Boost 1.48 to 1.52 including has a security flaw.
boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences.
Applications that used these functions for UTF-8 input validation could expose
themselves to security threats as an invalid UTF-8 sequence would be considered
as valid.

This bug is fixed in upcoming Boost 1.53.

For more details see: #7743

Users who can't upgrade to the latest versions may apply the following patch to
fix the problem.
http://cppcms.com/files/locale/boost_locale_utf.patch

boost in "devel:libraries:c_c++ / boost" is version 1.49

Reproducible: Always
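
An added example, not part of the bug report and not Boost.Locale code: a strict UTF-8 check written against RFC 3629 that can serve as a reference when testing whether a validator rejects malformed input. The notice does not say which invalid sequences `utf_traits` accepted, so the vectors below are constructed, one per malformed class in the RFC, and `is_valid_utf8` is a hypothetical name.

```cpp
// Added example (not Boost.Locale code): strict UTF-8 check per RFC 3629.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// True only if every byte of `s` belongs to a well-formed UTF-8 sequence.
bool is_valid_utf8(const std::string& s) {
    const unsigned char* p = reinterpret_cast<const unsigned char*>(s.data());
    const std::size_t n = s.size();
    std::size_t i = 0;
    while (i < n) {
        const unsigned char c = p[i];
        if (c < 0x80) { ++i; continue; }          // ASCII, including NUL
        std::size_t len;
        std::uint32_t cp;
        if (c < 0xC2) return false;               // stray continuation, or C0/C1 overlong lead
        else if (c < 0xE0) { len = 2; cp = c & 0x1F; }
        else if (c < 0xF0) { len = 3; cp = c & 0x0F; }
        else if (c < 0xF5) { len = 4; cp = c & 0x07; }
        else return false;                        // F5..FF are never legal
        if (n - i < len) return false;            // truncated sequence
        for (std::size_t k = 1; k < len; ++k) {
            const unsigned char t = p[i + k];
            if ((t & 0xC0) != 0x80) return false; // not a continuation byte
            cp = (cp << 6) | (t & 0x3F);
        }
        if (len == 3 && cp < 0x800) return false;        // overlong 3-byte form
        if (len == 4 && cp < 0x10000) return false;      // overlong 4-byte form
        if (cp >= 0xD800 && cp <= 0xDFFF) return false;  // UTF-16 surrogate
        if (cp > 0x10FFFF) return false;                 // beyond Unicode range
        i += len;
    }
    return true;
}

int main() {
    // Constructed test vectors, one per malformed class.
    const std::string bad[] = {
        std::string("\xC0\xAF", 2), std::string("\xE0\x80\xAF", 3),
        std::string("\xED\xA0\x80", 3), std::string("\xF4\x90\x80\x80", 4),
        std::string("\xE2\x82", 2), std::string("\x80", 1)};
    int accepted = 0;
    for (const std::string& s : bad) accepted += is_valid_utf8(s) ? 1 : 0;
    std::printf("malformed inputs accepted: %d\n", accepted);
    return accepted;
}
```

Running the same vectors through the validator an application actually uses, before and after upgrading Boost or applying the patch, shows whether it still accepts any malformed class.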