Hello, word about this vulnerability is out for several weeks (or months). Because of this I spare you the advisory and only point you to my little article describing what exactly this vulnerability is, that I disclosed to the PHP project 6 months ago: The rating for this vulnerability should be: Very Critical http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html Greets, Stefan Esser