On april 26th 2012, the PHP group has released PHP 5.4.1 too, that brings over 60 bug fixes, some of which are security related :
Security Enhancements and Fixes in PHP 5.4.1:
- Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
- Add open_basedir checks to readline_write_history and readline_read_history.
Key enhancements in PHP 5.4.1 include:
- Added debug info handler to DOM objects.
- Fixed bug #61172 (Add Apache 2.4 support).
Packages of PHP 5.4.1 and of all its related extensions are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. Please note that :
- php5-xcache is now available in its 2.0 version,
- the Suhosin patch is still absent from this build.
As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.