On april 26th 2012, the PHP group has released PHP 5.3.11, that brings over 60 bug fixes, some of which are security related :
Security Enhancements and Fixes in PHP 5.3.11:
- Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
- Add open_basedir checks to readline_write_history and readline_read_history.
- Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).
Key enhancements in PHP 5.3.11 include:
- Added debug info handler to DOM objects.
- Fixed bug #61172 (Add Apache 2.4 support).
Packages of PHP 5.3.11 are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures.
As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.