CVE-2009-3558 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3558): The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and earlier, and 5.3.x before 5.3.1, allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
GLSA 201001-03. Thank you everyone, sorry about the delay.