I was about posting that I just updated to
3.5.10 
(looks like is not officially announced yet, but it's already on the mirrors): from the NEWS file
Code:
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
02 Feb 2012, PHP 5.3.10
- Core:
. Fixed arbitrary remote code execution vulnerability reported by Stefan
Esser, CVE-2012-0830. (Stas, Dmitry)
here I applied also another little thingie to the slackbuild to avoid junk (it's everywhere!
) in /usr/lib${LIBDIRSUFFIX}/php and /usr/lib${LIBDIRSUFFIX}/build
Code:
--- php.SlackBuild.orig 2011-08-24 01:57:25.000000000 +0200
+++ php.SlackBuild 2012-02-02 21:25:36.048785243 +0100
@@ -24,7 +24,7 @@
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-VERSION=5.3.8
+VERSION=5.3.10
ALPINE=2.00
BUILD=${BUILD:-1}
@@ -249,8 +249,9 @@
rm -rf .channels .depdb .depdblock .filemap .lock .registry
)
-# Fix $PKG/usr/lib/php perms:
+# Clean other junk and fix $PKG/usr/lib/php perms:
( cd $PKG/usr/lib${LIBDIRSUFFIX}/php
+ rm -rf ../build .channels .depdb .depdblock .filemap .lock .registry
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
-exec chmod 755 {} \; -o \
