To come back to this thread: The version that CentOS Testing is providing is a version from 2008:
php-5.2.6-2.el5s2.i386.rpm 16-Sep-2008 01:20 1.2M
The latest version from Red Hat is: http://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/php...
Is it possible the CentOS Testing PHP (and perhaps others) packages aren't up to date and people using the CentOS Testing repo have an outdated and vulnerable PHP version running?
Kind regards,