Subject: CVS commit: pkgsrc/lang/php5
From: Adrian Portelli
Date: 2008-05-04 18:50:44
Message id: 20080504165044.904CD175D0@cvs.netbsd.org
Log Message:
Security Enhancements and Fixes in PHP 5.2.6:
Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
Fixed integer overflow in printf() identified by Maksymilian Arciemowicz.
Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
Upgraded bundled PCRE to version 7.6
Key enhancements in PHP 5.2.6 include:
* Fixed two possible crashes inside the posix extension.
* Fixed bug 44069 (Huge memory usage with concatenation using . instead of .=)
* Fixed bug 44141 (private parent constructor callable through static function).
* Fixed bug 43589 (a possible infinite loop in bz2_filter.c).
* Fixed bug 43450 (Memory leak on some functions with implicit object __toString() call).
* Fixed bug 43201 (Crash on using uninitialized vals and __get/__set).
* Fixed bug 42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql).
* Fixed bug 42937 (__call() method not invoked when methods are called on parent from child class).
* Fixed bug 42736 (xmlrpc_server_call_method() crashes).
* Fixed bug 42369 (Implicit conversion to string leaks memory).
* Fixed bug 41562 (SimpleXML memory issue).
* Over 120 bug fixes.
See http://www.php.net/ChangeLog-5.php#5.2.6 for all the details
Files: