PHP 5.2.12 was released with the following reference:
Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)
A little more detail is available in upstream's bug report: http://bugs.php.net/bug.php?id=49785
As reported in the upstream bug, incorrect handling of invalid multi-byte sequences in htmlspecialchars() can allow XSS attacks caused by insufficient escaping of the inputs when certain encodings are used.
This flaw affects PHP versions in all currently supported Red Hat Enterprise Linux versions (3, 4, 5).
Fixed is committed in upstream 5.3 SVN branch, but is not yet included in the latest released 5.3 version (5.3.1).
Related upstream SVN commits: 289411, 289554, 289565, 289567, 289605, 291821
File with tests:
Created attachment 379223 [details]
Upstream patch in 5.2 branch
svn diff -r 272374:291821 http://svn.php.net/repository/php/php-src/branches/PHP_5_2/ext/standard/html.c
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 3
Via RHSA-2010:0040 https://rhn.redhat.com/errata/RHSA-2010-0040.html
php-5.2.12-1.fc11, maniadrive-1.2-17.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.