The last two releases in the 5.6 and 7.0 series, respectively dev-lang/php-5.6.32 and dev-lang/php-7.0.25 were security releases. Their ChangeLogs show that multiple vulnerabilities (including CVE-2016-1283) were fixed:
The fixed versions are already in the tree, so please call for stabilization.
@Maintainers please call for stabilization when ready.
I am one of the maintainers, please go ahead =)
@Arches please test and mark stable.
Stable on alpha.
sparc stable (thanks to Rolf Eike Beer)
arm stable, all arches done.
@maintainer(s), please clean the vulnerable versions.