1 |
On Sun, 11 Feb 2007, ascii wrote: |
2 |
|
3 |
> During "software development" with Di Paola we found that latest php5 |
4 |
> stable version available for gentoo (5.1.6) is affected by a double |
5 |
> free in the htmlentities() function, commonly exposed to user input. |
6 |
> |
7 |
|
8 |
it's https://bugs.gentoo.org/show_bug.cgi?id=153911 |
9 |
|
10 |
The php team is working on putting php-5.2.1 into portage. |
11 |
|
12 |
Please note that the htmlentities() and htmlspecialchars() issues can |
13 |
only be triggered if you chose UTF-8 charset, which is not the default. |
14 |
|
15 |
|
16 |
Cheers, |
17 |
-- |
18 |
Raphaël Marichez aka Falco |