A few hours ago, PHP 5.3.10 has been released by the PHP Group. It’s an important security update for PHP 5.3.9 users : Stefan Esser discovered a remotely exploitable bug, introduced with PHP 5.3.9′s max_input_vars directive (CVE-2012-0830). You really should upgrade as soon as possible.
Packages of PHP 5.3.10 are now available for :
- both Debian 6.0 “Squeeze” and Debian 5.0 “Lenny”,
- both amd64 and i386 architectures.