[development] Fwd: [SECURITY] [DSA 1206-1] New php4 packages fix several vulnerabilities

Heine Deelstra hdeelstra at gmail.com
Mon Nov 6 21:30:44 UTC 2006


CVE-2006-5465

   Stefan Esser discovered a buffer overflow in the htmlspecialchars()
   and htmlentities(), which might lead to the execution of arbitrary
   code.

check_plain and xmlrpc use htmlspecialchars.

Heine

