PHP 5.3.7_rc4 [1] was released on 28 July 2011. It fixes CVE-2011-2483 in crypt_blowfish. And on 3 August 2011 the new alpha 3 [2] of PHP 5.4.0 was released. Please bump to these versions. Thanks. [1] http://svn.php.net/viewvc/php/php-src/tags/php_5_3_7RC4/NEWS?revision=313842&view=co [2] http://svn.php.net/viewvc/php/php-src/tags/php_5_4_0alpha3/NEWS?revision=314202&view=co
dev-lang/php-5.4.0_alpha3 is already in the tree: *php-5.4.0_alpha3 (08 Aug 2011) 08 Aug 2011; Ole Markus With <olemarkus@gentoo.org> +php-5.4.0_alpha3.ebuild: Bumping 5.4 to alpha3
CVE fixes is no reason for bumping to a masked version of PHP. Please do not even consider that. Since the change between rc3 and rc4 were rather minor, I do not plan on releasing rc4 and rather wait the last few days left before final has been released. 5.3.7 final is scheduled for Thursday, and as usual, should be in Portage a few days later.