Month Of PHP Security - The new phar extension in PHP 5.3 contains a format string vulnerability in the internal phar_stream_flush() function. PHP versions 5.3 through 5.3.2 are affected.
cc1e47d1b6a80eea813c4763d3c9be481928ee3189643eb432e88d686f3f68ac