A few hours ago, PHP 5.3.10 has been released by the PHP Group. It’s an important security update for PHP 5.3.9 users : Stefan Esser discovered a remotely exploitable bug, introduced with PHP 5.3.9’s max_input_vars directive (CVE-2012-0830). You really should upgrade as soon as possible.
Packages of PHP 5.3.10 are now available for :
- both Debian 6.0 “Squeeze” and Debian 5.0 “Lenny”,
- both amd64 and i386 architectures.
(Lenny packages will be available on php53.dotdeb.org during two weeks before being migrated to archives.dotdeb.org because of the end of Lenny’s security support)