Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_wrapper_open_dir() function. PHP versions 5.3 through 5.3.2 are affected.
40ed10c69fea27f50c0b22defe9f5214b675b8adcb883408542445dcc2f36c68