There is a stack overflow in socket_connect(). Upstream commit at $URL.
Stack-based buffer overflow in the socket_connect function in
ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow
context-dependent attackers to execute arbitrary code via a long pathname
for a UNIX socket.
I manually checked the php-5.3.8 sources, and the commit at $URL seems to be applied.
=dev-lang/php-5.3.8 is stable on all arches.
So, as per A1, one of you can add a GLSA request.
Thanks, everyone. Added to existing GLSA request.
This issue was resolved and addressed in
GLSA 201110-06 at http://security.gentoo.org/glsa/glsa-201110-06.xml
by GLSA coordinator Tobias Heinlein (keytoaster).
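
The bug class described in this report (a caller-supplied UNIX socket pathname copied into the fixed-size `sun_path` field) comes down to a missing length check before the copy. The following is an added example, not code from this thread or from PHP; `fill_unix_addr` is a hypothetical helper and the paths in `main` are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not PHP's code): populate a sockaddr_un from a
 * path with an explicit length, as a script-level string would arrive.
 * Returns 0 on success, -1 with errno set when the path is rejected. */
int fill_unix_addr(struct sockaddr_un *sa, socklen_t *sa_len,
                   const char *path, size_t path_len)
{
    if (sa == NULL || sa_len == NULL || path == NULL || path_len == 0) {
        errno = EINVAL;
        return -1;
    }
    /* sun_path is a fixed-size array inside a stack-allocated struct in
     * most callers. The path must fit together with its terminating NUL,
     * so a length equal to sizeof(sun_path) is already too long. */
    if (path_len >= sizeof(sa->sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* An embedded NUL would make the kernel see a shorter path than the
     * caller validated. (This also rejects Linux abstract sockets, which
     * this example deliberately does not support.) */
    if (memchr(path, '\0', path_len) != NULL) {
        errno = EINVAL;
        return -1;
    }
    memset(sa, 0, sizeof(*sa));          /* guarantees NUL termination */
    sa->sun_family = AF_UNIX;
    memcpy(sa->sun_path, path, path_len); /* bounded by the check above */
    *sa_len = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + path_len + 1);
    return 0;
}

int main(void)
{
    struct sockaddr_un sa;
    socklen_t len;
    char long_path[512];                  /* constructed over-long input */
    memset(long_path, 'A', sizeof(long_path));

    printf("short path: %d\n", fill_unix_addr(&sa, &len, "/tmp/demo.sock", 14));
    printf("long path:  %d\n", fill_unix_addr(&sa, &len, long_path, sizeof(long_path)));
    return 0;
}
```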