Security Enhancements and Fixes in PHP 5.3.3

[king3121]

# Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).
# Fixed a possible resource destruction issues in shm_put_var().
# Fixed a possible information leak because of interruption of XOR operator.
# Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.
# Fixed a possible memory corruption in ArrayObject::uasort().
# Fixed a possible memory corruption in parse_str().
# Fixed a possible memory corruption in pack().
# Fixed a possible memory corruption in substr_replace().
# Fixed a possible memory corruption in addcslashes().
# Fixed a possible stack exhaustion inside fnmatch().
# Fixed a possible dechunking filter buffer overflow.
# Fixed a possible arbitrary memory access inside sqlite extension.
# Fixed string format validation inside phar extension.
# Fixed handling of session variable serialization on certain prefix characters.
# Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
# Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
# Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.
# Fixed possible buffer overflows when handling error packets in mysqlnd​