A few days ago, the PHP Group released PHP 5.2.13. It fixes severe security issues and some other bugs:
The PHP development team would like to announce the immediate availability of PHP 5.2.13. This release focuses on improving the stability of the PHP 5.2.x branch with over 40 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.13:
- Fixed safe_mode validation inside tempnam() when the directory path does not end with a /. (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
- Improved LCG entropy. (Rasmus, Samy Kamkar)
(…)
On the Dotdeb side
- geoip, id3 and mailparse PECL extensions have been removed from the repository. If some of them were useful to you, please let me know. Don’t forget that there's an easy way to package PECL extensions by yourself.
- The memcache extension has been downgraded to v3.0.3 because of a bug in the session redundancy.
As usual, please read the release announcement and the full Changelog before upgrading.