PHP 5.2.13 addresses security holes
An update which fixes around 40 bugs is available for the PHP 5.2 development branch. Version 5.2.13 comes highly recommended for all PHP 5.2.x users, as it includes a number of security-related fixes. These include a bug when validating the
safe_mode configuration variable in the
tempnam() function which arises when the path does not end in
open_basedir/safe_mode bypass vulnerability in the session extension has also been fixed.