One of the pain points for me though has been in getting Doctrine setup with PHPUnit for testing. One of the main Doctrine contributors, Benjamin Beberlei, has written a package called DoctrineExtensions which amongst other things adds a class called DoctrineExtensionsPHPUnitOrmTestCase which extends PHPUnit's DbUnit database test case class. This all works well in principle but hits a major snag in reality: MySQL doesn't allow InnoDb tables with foreign keys to be truncated. PHUnit's database extension truncates the database tables before each test run and inserts a fresh set of data to work with.

To work around this issue Jeremy by porting over a method posted by Mike Lively over to Doctrine as a custom "MySQLTruncate" class (code included in the post). He also includes some sample code showing it in use - a basic ORM test case that calls the truncate method when its set up.

The vulnerability is caused due to the incorrect use of libpng within the function "gdPngReadData()" in ext/gd/libgd/gd_png.c of the GD extension when processing truncated data. This can be exploited to cause an infinite loop by e.g. tricking an application to process a specially crafted file. (reported by Xavier Roche)

This issue has been confirmed in PHP versions 4.4.7 and 5.2.2 but may affect others. The issue has already been corrected, however, and can be fetched from the PHP CVS system to protect your system.