php: Format string flaw in phar extension via phar_stream_flush() (MOPS-2010-024)

Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the pharstreamflush function,...