The PHP Group has learned of a serious security vulnerability in PHP versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary code with the privileges of the web server. This vulnerability may be exploited to compromise the web server and, under certain conditions, to gain privileged access. The PHP Group has released a new PHP version, 4.2.2, which incorporates a fix for the vulnerability.
Ryan, please investigate and patch/fix as appropriate, then drop me an e-mail so that I can send out a GLSA
Here's the advisory link: http://security.e-matters.de/advisories/022002.html
Appears Aliz committed the update and the security update was sent