PHP SplObjectStorage Deserialization Use-After-Free Vulnerability
There are no patch or updated versions available, so this record is for
future reminder.
Both 1.10 and edge are affected
Affected is PHP 5.2 <= 5.2.13
Affected is PHP 5.3 <= 5.3.2
Theoretically RoundCube setups might be affected.
http://php-security.org/2010/06/25/mops-2010-061-php-splobjectstorage-deserialization-use-after-free-vulnerability/
http://nibbles.tuxfamily.org/?p=1837\#more-1837
(from redmine: issue id 376, created on 2010-07-06, closed on 2010-07-28)
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information