~ubuntu-branches/ubuntu/natty/php5/natty-security

Viewing all changes in revision 95.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2012-06-12 15:38:21 UTC
  • Revision ID: package-import@ubuntu.com-20120612153821-wlxxn198vzk10zld
Tags: 5.3.5-1ubuntu7.10
* SECURITY UPDATE: denial of service via invalid tidy objects
  - debian/patches/CVE-2012-0781.patch: track initialization in
    ext/tidy/tidy.c, added tests to ext/tidy/tests/004.phpt,
    ext/tidy/tests/bug54682.phpt.
  - CVE-2012-0781
* SECURITY UPDATE: denial of service or possible directory traversal via
  invalid filename.
  - debian/patches/CVE-2012-1172.patch: ensure brackets get closed in
    main/rfc1867.c, add test to tests/basic/bug55500.phpt.
  - CVE-2012-1172
* SECURITY UPDATE: password truncation via invalid byte
  - debian/patches/CVE-2012-2143.patch: improve logic in
    ext/standard/crypt_freesec.c, add test to
    ext/standard/tests/strings/crypt_chars.phpt.
  - CVE-2012-2143
* SECURITY UPDATE: crypto() empty salt string issue
  - debian/patches/{php_crypt_revamped,use_system_crypt_fixes}.patch:
    Return fail string on invalid Blowfish salt rounds, fix regression
    when the salt is empty.
  - CVE-2012-2317
* SECURITY UPDATE: improve php5-cgi query string parameter parsing
  - debian/patches/CVE-2012-233x.patch: improve parsing in
    sapi/cgi/cgi_main.c.
  - CVE-2012-2335
  - CVE-2012-2336
* SECURITY UPDATE: phar extension heap overflow
  - debian/patches/CVE-2012-2386.patch: check for overflow in
    ext/phar/tar.c.
  - CVE-2012-2386
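The crypt()-related entries above (CVE-2012-2143, CVE-2012-2317) concern cases where crypt() either mishandles its input or signals failure by returning a short marker string instead of a hash. The following is an added example, not part of this changelog, of the Ubuntu patches, or of PHP's own source: a caller-side wrapper that refuses to store or compare a crypt() result that is a failure marker. It assumes PHP 5.3.7 or later for the "$2y$" Blowfish prefix (older 5.3 builds would use "$2a$"), and the openssl extension for openssl_random_pseudo_bytes(); the cost bounds 4..31 are the documented Blowfish range.

```php
<?php
// Added example; not part of the Ubuntu changelog or of PHP's own source.
// crypt() reports failure (empty or malformed salt, or a Blowfish cost
// outside 04..31) by returning a short string such as "*0" rather than a
// hash. A caller that stores that value would later accept any password
// whose crypt() output is the same marker, so the result must be checked.
// Assumes PHP >= 5.3.7 ("$2y$" prefix) and the openssl extension.

function makeBlowfishSalt($cost)
{
    if (!is_int($cost) || $cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('Blowfish cost must be between 4 and 31');
    }
    // 16 random bytes become 22 characters from the bcrypt alphabet ./A-Za-z0-9.
    $bytes = openssl_random_pseudo_bytes(16);
    $chars = substr(strtr(base64_encode($bytes), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $chars);
}

function isCryptFailure($hash, $salt)
{
    // A successful bcrypt hash is 60 characters and begins with the 29-character
    // salt ("$2y$NN$" plus 22 characters). Anything shorter than 13 characters,
    // or starting with '*', is crypt()'s failure marker.
    return !is_string($hash)
        || strlen($hash) < 13
        || $hash[0] === '*'
        || strncmp($hash, $salt, strlen($salt)) !== 0;
}

function hashPassword($password, $cost = 10)
{
    $salt = makeBlowfishSalt($cost);
    $hash = crypt($password, $salt);
    if (isCryptFailure($hash, $salt)) {
        throw new RuntimeException('crypt() failed; refusing to store an invalid hash');
    }
    return $hash;
}

function verifyPassword($password, $storedHash)
{
    // Re-hash using the stored hash as the salt; crypt() reads the cost and the
    // 22 salt characters from its first 29 characters.
    $candidate = crypt($password, $storedHash);
    if (isCryptFailure($candidate, substr($storedHash, 0, 29))) {
        return false;
    }
    if (strlen($candidate) !== strlen($storedHash)) {
        return false;
    }
    // Constant-time comparison; hash_equals() only exists from PHP 5.6.
    $diff = 0;
    for ($i = 0; $i < strlen($candidate); $i++) {
        $diff |= ord($candidate[$i]) ^ ord($storedHash[$i]);
    }
    return $diff === 0;
}

// Usage: a valid cost produces a storable hash and verifies correctly.
$hash = hashPassword('correct horse battery staple', 10);
var_dump(verifyPassword('correct horse battery staple', $hash));
var_dump(verifyPassword('wrong password', $hash));

// An invalid Blowfish cost (99) makes crypt() return its failure marker;
// the check above catches it instead of letting it be stored.
$badSalt = '$2y$99$abcdefghijklmnopqrstuv';
var_dump(isCryptFailure(crypt('secret', $badSalt), $badSalt));
```

The point of isCryptFailure() is that the failure marker is valid input to a later crypt() call, so a stored marker would compare equal to itself on verification; checking the length, the leading character and the salt prefix before storage closes that path regardless of which crypt() bug produced the marker.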
