php5 was updated to fix security issues:

CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in
the SPL component in PHP allowed context-dependent attackers to cause a
denial of service or possibly have unspecified other impact via crafted
iterator usage within applications in certain web-hosting environments.

CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c
in the SPL component in PHP allowed context-dependent attackers to
cause a denial of service or possibly have unspecified other impact via
crafted ArrayIterator usage within applications in certain web-hosting
environments.

CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in
PHP did not ensure use of the string data type for the PHP_AUTH_PW,
PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow
context-dependent attackers to obtain sensitive information from process
memory by using the integer data type with crafted values, related to a
"type confusion" vulnerability, as demonstrated by reading a private
SSL key in an Apache HTTP Server web-hosting environment with mod_ssl
and a PHP 5.3.x mod_php.

- Submitted by Petr Gajdos (pgajdos)