*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: php5 It seems that PHP is not correctly using libxml2's xmlwriter routines, and allows passing in invalid utf-8 strings which are then misparsed by libxml2, allowing memory contents to leak into the resulting output. Actual output: PHP Warning: XMLWriter::writeAttribute(): string is not in UTF-8 in /tmp/xmlwriter.php on line 12 <input value="@±�ˋ[����ĹJ���R���Q"/> Expected output: <input value="à&#e81"/> ** Affects: php Importance: Unknown Status: Unknown ** Affects: php5 (Ubuntu) Importance: Low Status: Confirmed ** This bug has been flagged as a security vulnerability -- memory content leak when using invalid utf-8 with XMLWriter::writeAttribute https://bugs.launchpad.net/bugs/655442 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs