PHP developers have released PHP 5.3.6, a maintenance update to the PHP interpreter. Among over 60 bug fixes are a number of fixes for security related problems. A format string vulnerability in the phar extension of 5.5 may allow attackers to view memory, cause a denial of service or execute arbitrary code. The ability to connect to HTTPS sites through a proxy was also added as was options for debugging backtrace functions. The PHP developers remind users that PHP 5.2 is no longer supported and encourage users to upgrade to.
Source: https://thehackernews.com/2011/03/php-536-closes-five-security-holes.html