Comment 15 for bug 227464

Tormod Volden (tormodvolden) wrote : Re: Please Backport PHP 5.2.6 -- fixes important security bugs

Here's a debdiff with the 5 stripped down security patches:

 php5 (5.2.4-2ubuntu5.2) hardy-proposed; urgency=low
 .
   * Backport security fixes from 5.2.6: (LP: #227464)
     - debian/patches/security526-fastcgi.patch:
       + Fixed possible stack buffer overflow in FastCGI SAPI
       + Fixed sending of uninitialized paddings which may contain some
         information
     - debian/patches/security526-exec.patch:
       + Properly address incomplete multibyte chars inside escapeshellcmd()
     - debian/patches/security526-cgi_main.patch:
       + Fixed security issue detailed in CVE-2008-0599
     - debian/patches/security526-interface.patch:
       + Fixed a safe_mode bypass in cURL identified by Maksymilian
         Arciemowicz
     - debian/patches/security526-pcre_compile.patch:
       + avoid stack overflow (fix from pcre 7.6)