PublicDateAtUSN: 2010-11-12
Candidate: CVE-2010-3870
PublicDate: 2010-11-12 21:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3870
 https://ubuntu.com/security/notices/USN-1042-1
Description:
 The utf8_decode function in PHP before 5.3.4 does not properly handle
 non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data,
 which makes it easier for remote attackers to bypass cross-site scripting
 (XSS) and SQL injection protection mechanisms via a crafted string.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.php.net/bug.php?id=49687
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_php5:
 upstream: http://svn.php.net/viewvc/?view=revision&revision=304959
 upstream: http://svn.php.net/viewvc/?view=revision&revision=305055
upstream_php5: released (5.3.4)
dapper_php5: released (5.1.2-1ubuntu3.20)
hardy_php5: released (5.2.4-2ubuntu5.13)
karmic_php5: released (5.2.10.dfsg.1-2ubuntu6.6)
lucid_php5: released (5.3.2-1ubuntu4.6)
maverick_php5: released (5.3.3-1ubuntu9.2)
devel_php5: not-affected (5.3.5-1ubuntu1)