--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_3/php-sapi/patches/320_php_20804424.patch	Wed Jun 17 15:47:38 2015 -0700
@@ -0,0 +1,32 @@
+CVE-2015-2787
+Community BUG:
+https://bugs.php.net/bug.php?id=68976
+Community CODE:
+https://gist.github.com/smalyshev/eea9eafc7c88a4a6d10d
+Below is the community patch.
+
+
+diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c
+index f114080..c7749a4 100644
+--- a/ext/standard/var_unserializer.c
++++ b/ext/standard/var_unserializer.c
+@@ -349,6 +349,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long
+ 			zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
+ 					sizeof data, NULL);
+ 		}
++		var_push_dtor(var_hash, &data);
+ 		
+ 		zval_dtor(key);
+ 		FREE_ZVAL(key);
+diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
+index f04fc74..abac77c 100644
+--- a/ext/standard/var_unserializer.re
++++ b/ext/standard/var_unserializer.re
+@@ -353,6 +353,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long
+ 			zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
+ 					sizeof data, NULL);
+ 		}
++		var_push_dtor(var_hash, &data);
+ 		
+ 		zval_dtor(key);
+ 		FREE_ZVAL(key);