Bug#1003972: Acknowledgement (libphonenumber: New upstream release - please update)
Neil Mayhew
neil_mayhew at users.sourceforge.net
Mon Jan 24 15:18:41 GMT 2022
It may be helpful to have a brief summary of the main problem that's
being fixed.

Previously, the C/C++ version of libphonenumber was accepting and
parsing phone numbers that have malformed UTF-8 sequences in them, by
converting the offending bytes to spaces. It now rejects the input
instead of returning a phone number, which the Java version has always
done. Accepting malformed UTF-8 is a potential security issue.

libphonenumber was also accepting well-formed input containing invalid
code points like U+0096 (a C1 control character) which can be the result
of a bad conversion from Windows 1252 legacy encoding where EN DASH
(U+2013) is represented by \x96. If the legacy text is treated as
iso-8859-1 instead of windows-1252, \x96 will be converted to U+0096
instead of U+2013. This type of input is now rejected as well.
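
The two cases summarized above, as an added example that is not part of the original message and is not libphonenumber's code: the same legacy bytes are run through a repair-style decoder and through a reject-style check. The `to_space` error handler standing in for the old behaviour, the sample number, and the U+0080 to U+009F range check are assumptions made for illustration.

```python
import codecs

# Assumed stand-in for the old behaviour: each malformed sequence becomes one space.
codecs.register_error("to_space", lambda e: (" ", e.end))

# Constructed sample: a number typed with EN DASH separators, saved as windows-1252.
LEGACY = b"+1 650\x96253\x960000"


class RejectedInput(ValueError):
    """Input that must not be handed to the phone number parser."""


def lenient_decode(raw: bytes) -> str:
    """Repair instead of reject: the parser then sees text the sender never wrote."""
    return raw.decode("utf-8", errors="to_space")


def strict_decode(raw: bytes) -> str:
    """Reject malformed UTF-8, then reject well-formed text holding C1 controls."""
    try:
        text = raw.decode("utf-8")  # strict: raises on any malformed sequence
    except UnicodeDecodeError as exc:
        raise RejectedInput(f"malformed UTF-8 at byte offset {exc.start}") from exc
    for index, ch in enumerate(text):
        if 0x80 <= ord(ch) <= 0x9F:  # C1 controls, e.g. U+0096 from a bad conversion
            raise RejectedInput(f"C1 control U+{ord(ch):04X} at index {index}")
    return text


def verdict(raw: bytes) -> str:
    """Return 'accepted' or the rejection reason for one UTF-8 byte string."""
    try:
        strict_decode(raw)
        return "accepted"
    except RejectedInput as exc:
        return str(exc)


# The same legacy bytes reach the check in three different ways.
CASES = {
    "raw legacy bytes passed off as UTF-8": LEGACY,
    "converted as iso-8859-1 (wrong)": LEGACY.decode("iso-8859-1").encode("utf-8"),
    "converted as windows-1252 (right)": LEGACY.decode("cp1252").encode("utf-8"),
}

if __name__ == "__main__":
    print("lenient:", repr(lenient_decode(LEGACY)))
    for label, raw in CASES.items():
        print(f"{label}: {raw!r} -> {verdict(raw)}")
```

"accepted" here only means the bytes passed this pre-check; whether a given separator is valid in a phone number is still the parser's decision.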