php 7.0.0 rc8 fixes a bunch of serious sounding bugs, some security: . Fixed bug #70947 (INI parser segfault with INI_SCANNER_TYPED). (Laruence) . Fixed bug #70914 (zend_throw_or_error() format string vulnerability). (Taoguang Chen) . Fixed bug #70912 (Null ptr dereference instantiating class with invalid array property). (Laruence) . Fixed bug #70895, #70898 (null ptr deref and segfault with crafted calable). (Anatol, Laruence) I know it's a masked package, thus I'm not opening a security bug. But I think given the upcoming php 7 release a lot of people will be interested in testing this, therefore I think a quick bump to rc8 would be good.
Done