| 1 |
On Sun, 11 Feb 2007, ascii wrote: |
| 2 |
|
| 3 |
> During "software development" with Di Paola we found that latest php5 |
| 4 |
> stable version available for gentoo (5.1.6) is affected by a double |
| 5 |
> free in the htmlentities() function, commonly exposed to user input. |
| 6 |
> |
| 7 |
|
| 8 |
it's https://bugs.gentoo.org/show_bug.cgi?id=153911 |
| 9 |
|
| 10 |
The php team is working on putting php-5.2.1 into portage. |
| 11 |
|
| 12 |
Please note that the htmlentities() and htmlspecialchars() issues can |
| 13 |
only be triggered if you chose UTF-8 charset, which is not the default. |
| 14 |
|
| 15 |
|
| 16 |
Cheers, |
| 17 |
-- |
| 18 |
Raphaël Marichez aka Falco |
Archives