Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development:
The default Debian setup now correctly sets the listen.owner and
listen.group to www-data:www-data in default php-fpm.conf. If you
have more FPM instances or a webserver not running under www-data
user you need to adjust the configuration of FPM pools in
/etc/php5/fpm/pool.d/ so the accessing process has rights to
access the socket.
For the stable distribution (wheezy), these problems have been fixed in
version 5.4.4-14+deb7u10.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your php5 packages.