I don't see any CVEs for this yet, but the following stand out in the changelog.
Fixed bug #73764 (Crash while loading hostile phar archive).
Fixed bug #73768 (Memory corruption when loading hostile phar).
Fixed bug #73773 (Seg fault when loading hostile phar).
The fixed v5.6.30 is already in the tree and can be stabilized.
The unstable 7.0 and 7.1 series also got new security releases. The 7.1 version isn't marked as such, but looking at e.g. PHP bug 73831, it should have been. In any case, since they were both unstable, I dropped the old versions immediately.
@arches, please stabilize.
Stable on alpha.
Stable for HPPA PPC64.
Already added to existing GLSA.
Maintainer(s), please cleanup.
(In reply to Agostino Sarubbo from comment #10)
> Maintainer(s), please cleanup.
This issue was resolved and addressed in
GLSA 201702-29 at https://security.gentoo.org/glsa/201702-29
by GLSA coordinator Thomas Deutschmann (whissi).