PHP SplObjectStorage Deserialization Use-After-Free Vulnerability

There are no patch or updated versions available, so this record is for future reminder.
Both 1.10 and edge are affected
Affected is PHP 5.2 <= 5.2.13
Affected is PHP 5.3 <= 5.3.2

Theoretically RoundCube setups might be affected.

http://php-security.org/2010/06/25/mops-2010-061-php-splobjectstorage-deserialization-use-after-free-vulnerability/
http://nibbles.tuxfamily.org/?p=1837\#more-1837

(from redmine: issue id 376, created on 2010-07-06, closed on 2010-07-28)