PHP 5.3.8 Released

2011-08-26 12:50

Shortly after version 5.3.7 was published, PHP 5.3.8 became available. The reason was a serious flaw in 5.3.7: crypt(), when called with an MD5-style salt, returned only the salt string and ignored the password entirely. In practice this means that a web application whose users' password hashes were generated with the flawed function would accept any password and effectively authenticate on the login name alone, because crypt(anything, stored_hash) yields the very salt string that was stored, so the comparison always succeeds.

This is an example of a situation where fixing one vulnerability (a buffer overflow on an overlong salt in crypt()) introduces another. Fortunately, thanks to users reporting it immediately, it was fixed quickly.
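To make the failure mode concrete, here is an added Python model of it; this is example code written for this note, not PHP's crypt() implementation and not code from the PHP project. The hash scheme (`simplified_crypt`, SHA-256 over salt and password) is a toy stand-in that only imitates crypt()'s "salt followed by hash" output layout, `broken_crypt` models the 5.3.7 defect as described above (password ignored, salt returned), and `crypt_self_check` is the kind of smoke test an operator could run after upgrading to catch a degenerate hash function before it reaches the login path. All inputs are constructed.

```python
import hashlib
import hmac


def extract_salt(setting: str) -> str:
    """Return the salt portion of a crypt-style string.

    Both "$1$abcdefgh" and "$1$abcdefgh$<hash>" yield "$1$abcdefgh",
    mirroring how crypt() accepts a full stored hash as its salt argument.
    """
    parts = setting.split("$")          # ["", "1", "salt", "hash"?]
    return "$".join(parts[:3])


def simplified_crypt(password: str, setting: str) -> str:
    """Toy healthy crypt(): output is salt + "$" + digest(salt, password).

    Not the real MD5-crypt algorithm; only the output layout is imitated.
    """
    salt = extract_salt(setting)
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return f"{salt}${digest}"


def broken_crypt(password: str, setting: str) -> str:
    """Model of the PHP 5.3.7 defect: the password is ignored and only the
    salt comes back, so the 'hash' carries no information about the password."""
    return extract_salt(setting)


def verify(crypt_fn, password: str, stored_hash: str) -> bool:
    """Standard crypt()-style verification: re-hash the candidate password
    using the stored hash as the salt argument and compare the two strings."""
    return hmac.compare_digest(crypt_fn(password, stored_hash), stored_hash)


def crypt_self_check(crypt_fn, setting: str = "$1$selftest") -> bool:
    """Deploy-time smoke test for a crypt implementation.

    A sane hash must (a) be longer than the bare salt, (b) never equal the
    bare salt, and (c) differ for two different passwords. The 5.3.7 defect
    fails all three.
    """
    salt = extract_salt(setting)
    a = crypt_fn("password-one", setting)
    b = crypt_fn("password-two", setting)
    return len(a) > len(salt) and a != salt and b != salt and a != b


if __name__ == "__main__":
    salt = "$1$abcdefgh"                # constructed sample salt
    # User registered while the broken function was in use
    stored_broken = broken_crypt("correct horse battery staple", salt)
    print("stored (broken):", stored_broken)
    print("wrong password accepted?", verify(broken_crypt, "wrong", stored_broken))

    # Same user registered with a healthy function
    stored_ok = simplified_crypt("correct horse battery staple", salt)
    print("wrong password accepted?", verify(simplified_crypt, "wrong", stored_ok))
    print("self-check healthy:", crypt_self_check(simplified_crypt))
    print("self-check broken: ", crypt_self_check(broken_crypt))
```

The self-check is cheap enough to run at application start-up or in a post-upgrade deployment test; it would have flagged 5.3.7 immediately, whereas a login test against an existing account only reveals the problem once a wrong password is tried.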

http://www.php.net/archive/2011.php#id2011-08-23-1