Several vulnerabilities have been discovered in PHP, the web scripting
language. The Common Vulnerabilities and Exposures project identifies
the following issues:
NOTE: the fix for
CVE-2011-2483
required changing the behaviour of this function: it is now incompatible with
some old (wrongly) generated hashes for passwords containing 8-bit characters.
See the package NEWS entry for details. This change has not been applied to the
Lenny version of PHP.
For the oldstable distribution (lenny), these problems have been fixed
in version 5.2.6.dfsg.1-1+lenny15.
For the stable distribution (squeeze), these problems have been fixed
in version 5.3.3-7+squeeze6.
For the testing distribution (wheezy) and unstable distribution (sid),
these problems have been fixed in version 5.3.9-1.
We recommend that you upgrade your php5 packages.