The latest PHP releases fixed two security issues.
Updates are already in the tree, but it seems no security bug is open and no stabilization is going on. php-team, can we stabilize 5.3.14?
@php, ok to stabilize 5.3.14?
Please go ahead.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
Integer overflow in the phar_parse_tarfile function in tar.c in the phar
extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted tar file that triggers a heap-based
ppc64 will continue in bug 427354
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before
5.4.4 does not properly determine the end of the query string during parsing
of prepared statements, which allows remote attackers to cause a denial of
service (out-of-bounds read and application crash) via a crafted parameter
Adding to existing GLSA request.
This issue was resolved and addressed in
GLSA 201209-03 at http://security.gentoo.org/glsa/glsa-201209-03.xml
by GLSA coordinator Sean Amoss (ackle).