PublicDate: 2007-11-20 18:46:00 UTC
Candidate: CVE-2007-5898
References: 
 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14&r2=1.111.2.2.2.14.2.1
 https://ubuntu.com/security/notices/USN-549-1
 https://ubuntu.com/security/notices/USN-628-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5898
Description:
 The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5
 accept partial multibyte sequences, which has unknown impact and attack
 vectors, a different issue than CVE-2006-5465.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://bugs.launchpad.net/ubuntu/+source/php5/+bug/228095
Priority: low
Discovered-by:
Assigned-to: kees
CVSS: 
upstream_php5: released (5.2.5)
dapper_php5: released (5.1.2-1ubuntu3.10)
edgy_php5: released (5.1.6-1ubuntu2.7)
feisty_php5: released (5.2.1-0ubuntu1.5)
gutsy_php5: released (5.2.3-1ubuntu6.1)
hardy_php5: released (5.2.4-2ubuntu5.3)
devel_php5: not-affected (5.2.5-3ubuntu1)