• PHP 5.3.13 for CentOS 5 changelog
• PHP 5.4.3 for CentOS 6 changelog

See php.net for more information into the security fixes made in this release. CVE-2012-2311 CVE-2012-2329

• PHP 5.3.12 for CentOS 5 changelog
• PHP 5.4.2 for CentOS 6 changelog
• MySQL 5.5.23 / 5.1.63 for CentOS 5 changelog

The PHP 5.3 and 5.4 releases are to fix a security issue (CVE-2012-1823) in some CGI setups, which has been around for some time.

• PHP 5.3.11 for CentOS 5 changelog
• PHP 5.4.1 for CentOS 6 changelog
• Git 1.7.10 for CentOS 5 changelog
• Httpd and httpd-itk 2.2.22 for CentOS 5 changelog
• Nginx 1.0.15 for CentOS 5 and 6 changelog

PHP 5.4.1 and PHP 5.3.11 fix a security issue in PHP 5.4.0 and <= 5.3.10, allowing bypassing of $_FILES key filtering, allowing unexpected manipulation of files. CVE-2012-1172

PHP 5.3.11 fixes a security issue in PHP 5.3.10 and lower, allowing environmental variables to disregard magic_quotes_gpc. CVE-2012-0831

Due to the nature of providing a reliable, safe YUM repository, the new EL6 yum repository will follow recent trends in the structure and naming conventions of a 3rd-party repository, so it will be able to run along-side the distribution’s own repositories without interfering with installed packages.

This also means that it will now be easier to upgrade within Webtatic’s own update stream, as the repository will no longer be enable=0, and not require –enablerepo=webtatic in installation commands.

The packages provided as part of this release are:

• PHP 5.4.0 changelog
• Nginx 1.0.11 changelog

• PHP 5.3.10 changelog

PHP 5.3.10 fixes a security issue allowing remote code execution, introduced in PHP 5.3.9. CVE-2012-0830

• PHP 5.3.9 changelog

PHP 5.3.9 fixes a security issue allowing any PHP server to easily be DOSed using unbounded hash-colision prevention. CVE-2011-4885

• Git 1.7.6.1 (git) changelog
• Httpd 2.2.20 (httpd) changelog
• httpd-itk 2.2.20 (based on mpm-itk 2.2.17 patch set) changelog
• Nginx 1.0.6 changelog
• PHP 5.3.8 changelog

• Git 1.7.5.1 (git) changelog
• Apr Util 1.3.11 (apr-util) changelog
• Httpd 2.2.18 (httpd) changelog
• httpd-itk 2.2.18 (based on mpm-itk 2.2.17 patch set) changelog

• Git 1.7.4.5 (git) changelog
• Nginx 1.0.0 (nginx) changelog

• PHP 5.3.6 (php) changelog
• PHP Pear 1.9.2 (php-pear) changelog
• Memcache extension for PHP 3.0.5 (php-pecl-memcache) changelog
• MySQL 5.5.10 (mysql55) changelog
• MySQL 5.1.56 (mysql51) changelog

What’s interesting is that PHP.net decided not to release the security fixes to PHP 5.2. The security flaws that were fixed may affect that release, which is end of life, so I recommend that you upgrade to PHP 5.3. PHP 5.3 has now been out for almost 2 years.

Now that PHP Pear 1.9.2 is in the repository, you should be able to install PHPUnit 3.5 without needing to manually upgrade Pear.