PHP: Multiple vulnerabilities
Most of the vulnerabilities mentioned were fixed in PHP 5.1.3, but then PHP 5.1.4 is out so one should upgrade to that.
These are actually quite minor:
These included a buffer overflow in the wordwrap() function,
Which I've never used.
restriction bypasses in the copy() and tempname() functions,
Which don't matter unless you're using filesystem restrictions (safe_mode or base_opendir), and even then, aren't really critical as there are other ways to bypass these.
a cross-site scripting issue in the phpinfo() function,
Which doesn't matter in the least, as you shouldn't have a public phpinfo() page on a production server.
a potential crash in the substr_compare() function
May be annoying, although I haven't used this myself.
and a memory leak in the non-binary-safe html_entity_decode() function.
This only has annoyance factor - although I haven't used this one either.
All in all, I'd say it's not too bad, and I'm not rushing to upgrade just yet (although I will before too long).
Mark
I'm in the process of upgrading my whole Gentoo world, PHP and all. Not because of this at all, but I haven't done it in about 3 weeks.
I'm also toying with the idea of setting up another server and maybe having a look at PHP 6 just for fun. Anyone attempted this?