Hi Jan, On Tue, 23 Aug 2016, Jan Ingvoldstad wrote:
It looks as if the patches for unserializing and session handling are relevant, possibly others:https://bugs.php.net/bug.php?id=70436 https://bugs.php.net/bug.php?id=72681
do you know whether there has been a CVE assigned for these bugs already? As far as I can see there is none yet.
Anyway, I plan to upload a new version in the next few days and I can add patches for these bugs as well ...