Manuel Lemos - 2016-07-21 17:53:19 - In reply to message 1 from Stefan Jibrail Froelich
Great. That was what I expected, even though it is not a vulnerability in PHP itself, it is better to protect applications that use libraries which check the HTTP_PROXY variable. The potential of abuse of those libraries is huge.
It seems PHP 5.5 and PHP 5.6 will also be fixed soon.