Hi Steffen, Drupal security advisory SA-2007-023 http://drupal.org/node/184313
redirects this bug to PHP < 4.4.3 and < 5.2.4, so this should not be considered a drupal's bug.
On a side note, I'll be uploading a new package fixing different security issues shortly.
Regards, L -- Luigi Gangitano -- <[EMAIL PROTECTED]> -- <[EMAIL PROTECTED]> GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972 C24A F19B A618 924C 0C26 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]