Month Of PHP Security - PHP’s iconv_substr() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
645c4430db4a9b9297b0921897e599d7efa4b474715e9e39c3c5c3413aff47a3