*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: php5

It seems that PHP is not correctly using libxml2's xmlwriter routines,
and allows passing in invalid utf-8 strings which are then misparsed by
libxml2, allowing memory contents to leak into the resulting output.

Actual output:
PHP Warning:  XMLWriter::writeAttribute(): string is not in UTF-8 in /tmp/xmlwriter.php on line 12
<input value="&#x40;&#xB1;�ˋ[����ĹJ���R���Q"/>

Expected output:
<input value="&#xe0;&#e81"/>

** Affects: php
     Importance: Unknown
         Status: Unknown

** Affects: php5 (Ubuntu)
     Importance: Low
         Status: Confirmed

** This bug has been flagged as a security vulnerability

-- 
memory content leak when using invalid utf-8 with XMLWriter::writeAttribute
https://bugs.launchpad.net/bugs/655442
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
