On june 14th 2012, the PHP group has released PHP 5.4.4, that brings over 30 bug fixes, some of which are security related : A weakness in the DES implementation of crypt and a heap overflow issue in the phar extension. Please also note that the use of php://fd streams is now restricted to the CLI SAPI (php5-cli).
Packages of PHP 5.4.4 are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures (see the installation instructions).
As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.