paul Posted November 3, 2006 Report Share Posted November 3, 2006 The Hardened-PHP Project discovered buffer overflows in htmlentities/htmlspecialchars internal routines to the PHP Project. Of course the whole purpose of these functions is to be filled with user input. (The overflow can only be when UTF-8 is used) In addition, selected patches backported from php cvs that address other issues that may or may not have security implications have been applied to this release. Updated packages have been patched to correct these issues. Users must restart Apache for the changes to take effect. Link to comment Share on other sites More sharing options...
Recommended Posts