The flaw has been in the code for more than eight years and The PHP Group was working on a patch for it when the bug was disclosed accidentally on Reddit. The team that discovered the bug says the new versions of PHP don t actually fix the vulnerability. The new versions are available now and the developers recommend that users upgrade as soon as possible. The bug was discovered in January during a capture the flag contest and was discovered by the team known as Eindbazen, who discovered it in January.
Source: https://threatpost.com/php-group-releases-new-versions-patch-doesnt-fix-cve-2012-1823-bug-050412/76524/