To fix over 120 bugs in this patch makes PHP 5.2.6 one of the biggest point releases to date.

• Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
• Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
• Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
• Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
• Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
• Upgraded bundled PCRE to version 7.6

On top of that are many other bug fixes such as the implicit conversion of variables to a string leaks memory.

Link: Complete Source Code

Link: Windows Binary