5.3.292014-08-14stablePHP 5.3.29 contains about 25 potentially security related fixes backported from PHP 5.4 and 5.5.
For helping your migration to newer versions please refer to our migration guides for updates from [PHP 5.3 to 5.4](http://php.net/migration54) and from [PHP 5.4 to 5.5](http://php.net/migration55).(Segmentation fault with ArrayObject unset).66127(spl_fixedarray_resize integer overflow).67247(printf out-of-bounds read).67249(iptcparse out-of-bounds read).67250(convert_uudecode out-of-bounds read).67252(Segfault in recursiveDirectoryIterator).67359(insecure temporary file use in the configure script). (CVE-2014-3981)67390CVE-2014-3981(putenv with empty variable may lead to crash).67399(unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion)67492CVE-2014-3515(phpinfo() Type Confusion Information Leak Vulnerability). (CVE-2014-4721)67498CVE-2014-4721Fixed missing type checks in com_event_sink.(Heap buffer over-read in DateInterval). (CVE-2013-6712)66060CVE-2013-6712(date_parse_from_format out-of-bounds read).67251(timelib_meridian_with_check out-of-bounds read).67253(Integer overflow in exif_read_data()).65873(Fileinfo crashes with powerpoint files).66307(fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)67326CVE-2014-0207(fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)67327CVE-2014-0238(fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)67328CVE-2014-0237(fileinfo: mconvert incorrect handling of truncated pascal string size)67410CVE-2014-3478(fileinfo: cdf_check_stream_offset insufficient boundary check)67411CVE-2014-3479(fileinfo: cdf_count_chain insufficient boundary check)67412CVE-2014-3480(fileinfo: cdf_read_property_info insufficient boundary check)67413CVE-2014-3487(Locale::parseLocale Double Free).67349(Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).67397(Fix potential segfault in dns_get_record()). (CVE-2014-4049)67432CVE-2014-4049Fixed missing type checks in OpenSSL options.Fixed missing type checks in php_session_create_id.