+PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of
+memory via crafted binary data sent to a script that processes user
+input in the html_entity_decode function and sends the encoded results
+back to the client, aka a "binary safety" issue. NOTE: this issue has
+been referred to as a "memory leak," but it is an information leak that
+discloses memory contents.
+
+Patch pulled from cvs.php.net
+
+--- php-5.1.2/ext/standard/html.c 2006/01/01 12:50:14 1.111.2.1
++++ php-5.1.2/ext/standard/html.c 2006/02/25 21:32:11 1.111.2.2
+@@ -884,7 +884,7 @@
+ unsigned char replacement[15];
+ int replacement_len;
+
+- ret = estrdup(old);
++ ret = estrndup(old, oldlen);
+ retlen = oldlen;
+ if (!retlen) {
+ goto empty_source;
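Review bot: the `ret = estrndup(old, oldlen);` line deserves a one-line comment stating that `old` may contain embedded NUL bytes, because nothing in the hunk explains why the length-bounded copy matters and a later cleanup could revert it to `estrdup`. With `estrdup(old)` the copy stops at the first NUL while `retlen = oldlen` still claims the full input length, so any later access to `ret` up to `retlen` runs past the allocation, which matches the memory disclosure described in the header. The patch also carries no regression test; an input with a NUL byte in the middle, checked for an output that contains only data derived from the input, would cover it. It is worth checking the rest of html.c for other `estrdup` calls on buffers that carry an explicit length.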