* Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.
* Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)
* Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
* Fixed a possible memory corruption in substr_replace().
* Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
* Fixed a possible stack exaustion inside fnmatch().
* Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
* Fixed handling of session variable serialization on certain prefix characters.
* Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.
* Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)
* Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
* Fixed a possible memory corruption in substr_replace().
* Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
* Fixed a possible stack exaustion inside fnmatch().
* Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
* Fixed handling of session variable serialization on certain prefix characters.
* Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.
