Hello, word about this vulnerability is out for several weeks (or months). Because of this I spare you the advisory and only point you to my little article describing what exactly this vulnerability is, that I disclosed to the PHP project 6 months ago:
The rating for this vulnerability should be: Very Critical http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html Greets, Stefan Esser _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
