I'm still not sure if the packages are affected at all, nevertheless I managed to use the patches from Debian: php5 (5.2.0-8+etch13). You need the following patches from debian/patches/
139-CVE-2008-3659.patch
140-CVE-2008-3658.patch
141-CVE-2008-3660.patch
Then you need to update debian/patches/series and change some small things in 141-CVE-2008-3660.patch (I can post that, if somebody is interested).
I'm still not sure if the packages are affected at all, nevertheless I managed to use the patches from Debian: php5 (5.2.0-8+etch13). You need the following patches from debian/patches/ 2008-3659. patch 2008-3658. patch 2008-3660. patch
139-CVE-
140-CVE-
141-CVE-
Then you need to update debian/ patches/ series and change some small things in 141-CVE- 2008-3660. patch (I can post that, if somebody is interested).