From a note sent along by grout, it seems that there is a new alert for users of PHP 4.3.9:

PHP version 4.3.9 is vulnerable to meta character attacks. The bug could enable an attacker to read arbitrary files from the filesystem of a webserver that hosts PHP scripts.

In addition PHP versions 4.3.6 until 4.3.9 as well as PHP versions 5.0.0 until 5.0.2 contain a bug that enables an attacker to manipulate the file name of uploaded files to perform directory traversal.

While both vulnerabilities exist in windows and unix platform versions of PHP, they can only be successfully exploited on windows systems.

For more information on these vulnerabilities, see the SecurityFocus page then head on over to the main PHP site to upgrade your distribution...