package: php4 severity: critical tags: security From http://secunia.com/advisories/22653/ : "Some vulnerabilities have been reported in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerabilities are caused due to boundary errors within the "htmlentities()" and "htmlspecialchars()" functions. If a PHP application uses these functions to process user-supplied input, this can be exploited to cause buffer overflows by passing specially crafted data to the affected application. Successful exploitation may allow execution of arbitrary code."
Since htmlentities() and htmlspecialchars() are frequently used on user input, this seems quite severe to me.
