Stack overflow, only affects a very specific and unusual non-default configuration: transparent cookie encryption enabled, HTTP response splitting protection disabled, *and* a PHP application must allow unfiltered user input to header() in order to be affected.

Good write-up at http://seclists.org/fulldisclosure/2012/Jan/295

ok robert@