~ubuntu-branches/ubuntu/dapper/php5/dapper-security

Viewing all changes in revision 24.

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2010-09-16 10:24:44 UTC
  • Revision ID: james.westby@ubuntu.com-20100916102444-fpob39ntn4cxrjb4
Tags: 5.1.2-1ubuntu3.19
* SECURITY UPDATE: denial of service via xmlrpc crafted argument
  - debian/patches/CVE-2010-0397.patch: make sure method_name isn't empty
    in ext/xmlrpc/xmlrpc-epi-php.c, add test to
    ext/xmlrpc/tests/bug51288.phpt.
  - CVE-2010-0397
* SECURITY UPDATE: weak entropy in Linear Congruential Generator (LCG)
  - debian/patches/CVE-2010-1128.patch: add more entropy in
    ext/standard/lcg.c.
  - CVE-2010-1128
* SECURITY UPDATE: safe_mode bypass via trailing slash in dir pathnames
  - debian/patches/CVE-2010-1129.patch: properly validate pathname in
    ext/standard/file.c.
  - CVE-2010-1129
* SECURITY UPDATE: arbitrary code execution via empty SQL query
  - debian/patches/CVE-2010-1868.patch: use ecalloc instead of emalloc in
    ext/sqlite/sqlite.c.
  - CVE-2010-1868
* SECURITY UPDATE: denial of service via fnmatch stack consumption
  - debian/patches/CVE-2010-1917.patch: limit size of pattern in
    ext/standard/file.c.
  - CVE-2010-1917
* SECURITY UPDATE: sensitive information disclosure via error messages
  - debian/patches/CVE-2010-2531.patch: don't display data when flushing
    output buffer in ext/standard/{var.c,php_var.h}.
  - CVE-2010-2531
* SECURITY UPDATE: arbitrary session variable modification via crafted
  session variable name
  - debian/patches/CVE-2010-3065.patch: handle PS_UNDEF_MARKER marker in
    ext/session/session.c.
  - CVE-2010-3065
