PHP FUD is getting annoying now
Picked up from Derick Rethans about PHP FUD, which makes a better summary of this FUD than what I was typing.
Everybody who thinks that the Santy.A worm uses one of the security problems addressed in PHP's latest bugfix releases is wrong. It was NOT due to any bug in PHP, but merely a badly checked input variable which was passed to preg with the /e modifier. Besides this, phpBB is also vulnerable to some of the things addressed by PHP's new releases. But they are wrong saying that it is not their fault. Not-checked usage of serialized data is still their problem. Short version: use FUDforum.
I also use FUDforum ;)
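
As an added illustration (not code from this post, from Derick Rethans, or from phpBB), here is a small Python check for the pattern the quote describes: it flags `preg_replace` calls in PHP source whose pattern carries the `e` modifier, and marks calls whose pattern cannot be read statically for manual review. The function names and the sample PHP lines are constructed for this example.

```python
import re

CALL = re.compile(r"\bpreg_replace\s*\(")
PAIRED = {"(": ")", "[": "]", "{": "}", "<": ">"}  # PCRE bracket-style delimiters

def first_arg_literals(src, pos):
    """Return (string literals found in the first argument, whether it ends with one)."""
    literals, depth, i, ends_lit = [], 0, pos, False
    while i < len(src):
        ch = src[i]
        if ch in "'\"":                       # consume one quoted PHP string
            j = i + 1
            while j < len(src) and src[j] != ch:
                j += 2 if src[j] == "\\" else 1
            literals.append(src[i + 1:j])
            ends_lit, i = True, j + 1
            continue
        if depth == 0 and ch in "),]":        # end of the first argument
            break
        depth += (ch in "([") - (ch in ")]")
        ends_lit = ends_lit and ch.isspace()  # anything but whitespace after a literal
        i += 1
    return literals, ends_lit

def classify(src, pos):
    """'eval' if the pattern has the e modifier, 'dynamic' if unreadable, else 'ok'."""
    literals, ends_lit = first_arg_literals(src, pos)
    first = literals[0].lstrip() if literals else ""
    starts_lit = src[pos:].lstrip()[:1] in ("'", '"')
    if not (first and ends_lit and starts_lit) or first[0].isalnum():
        return "dynamic"
    closer = PAIRED.get(first[0], first[0])
    # Modifiers sit after the last closing delimiter of the final string fragment.
    tail = literals[-1] if len(literals) > 1 else first[1:]
    _, sep, mods = tail.rpartition(closer)
    if not sep or (mods and not mods.isalpha()):
        return "dynamic"
    return "eval" if "e" in mods else "ok"

def scan(src):
    """Return [(line_number, verdict)] for every preg_replace call that is not 'ok'."""
    found = ((src.count("\n", 0, m.start()) + 1, classify(src, m.end())) for m in CALL.finditer(src))
    return [(line, verdict) for line, verdict in found if verdict != "ok"]

SAMPLE = r'''<?php
$a = preg_replace('/\[b\](.*?)\[\/b\]/i', '<b>$1</b>', $text);
$b = preg_replace("#(" . $words . ")#ie", 'strtoupper("\\1")', $text);
$c = preg_replace($pattern, $replacement, $text);
$d = preg_replace('~(\d+)~e', 'strval(\\1 * 2)', $text);
'''  # constructed PHP sample, not phpBB code
```

`scan(SAMPLE)` reports lines 3 and 5 as `eval` and line 4 as `dynamic`. The `/e` modifier was deprecated in PHP 5.5 and removed in PHP 7.0, and `preg_replace_callback` is the replacement for flagged calls.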