CVE-2007-5898

Publication date 20 November 2007

Last updated 24 July 2024

The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
php5	8.04 LTS hardy	Fixed 5.2.4-2ubuntu5.3
	7.10 gutsy	Fixed 5.2.3-1ubuntu6.1
	7.04 feisty	Fixed 5.2.1-0ubuntu1.5
	6.10 edgy	Fixed 5.1.6-1ubuntu2.7
	6.06 LTS dapper	Fixed 5.1.2-1ubuntu3.10

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-549-1
PHP vulnerabilities
29 November 2007

USN-628-1
PHP vulnerabilities
23 July 2008

Other references

http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14&r2=1.111.2.2.2.14.2.1
https://www.cve.org/CVERecord?id=CVE-2007-5898