https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0831 https://bugs.php.net/bug.php?id=61043 http://git.php.net/?p=php-src.git;a=commitdiff;h=87c038be06b8b0eb721270f98c858fd701f5d54b http://git.php.net/?p=php-src.git;a=commitdiff;h=d1fd5432e1576865dbeb7650b7c7e0fa0bd3a4e1 changes to fpm not applied
diff -up php-5.3.3/main/php_variables.c.cve0831 php-5.3.3/main/php_variables.c
--- php-5.3.3/main/php_variables.c.cve0831 2012-10-16 14:15:43.050835624 +0200
+++ php-5.3.3/main/php_variables.c 2012-10-16 14:17:00.383028652 +0200
@@ -446,7 +446,10 @@ void _php_import_environment_variables(z
 /* turn off magic_quotes while importing environment variables */
 int magic_quotes_gpc = PG(magic_quotes_gpc);
- PG(magic_quotes_gpc) = 0;
+
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
 for (env = environ; env != NULL && *env != NULL; env++) {
 p = strchr(*env, '=');
@@ -465,7 +468,10 @@ void _php_import_environment_variables(z
 if (t != buf && t != NULL) {
 efree(t);
 }
- PG(magic_quotes_gpc) = magic_quotes_gpc;
+
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
 }
 zend_bool php_std_auto_global_callback(char *name, uint name_len TSRMLS_DC)
@@ -589,7 +595,9 @@ static inline void php_register_server_v
 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);
 }
 PG(http_globals)[TRACK_VARS_SERVER] = array_ptr;
- PG(magic_quotes_gpc) = 0;
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
 /* Server variables */
 if (sapi_module.register_server_variables) {
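Review bot: The same `zend_alter_ini_entry_ex(...)` call is written out in full at all six sites in this patch (this hunk and @@ -465, @@ -589 and @@ -614 in this file, plus both hunks in cgi_main.c), differing only in the `"0"`/`"1"` literal, so one mistyped literal in a restore would leave quoting disabled for the rest of the request. A small helper that takes the desired state and returns the call's result would keep each disable/restore pair visibly matched. The helper name below is only a suggestion, and cgi_main.c would need its own copy or an exported declaration. The body of _php_import_environment_variables starts and ends outside this hunk.

```c
/* Proposed helper (name is a suggestion): flip magic_quotes_gpc through the
 * ini layer and hand the result back so the caller can check it. */
static int php_toggle_magic_quotes_gpc(zend_bool on TSRMLS_DC)
{
	return zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"),
		on ? "1" : "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
}

/* … unchanged: declarations at the top of _php_import_environment_variables … */
	if (magic_quotes_gpc) {
		php_toggle_magic_quotes_gpc(0 TSRMLS_CC);
	}
/* … unchanged: environment import loop … */
```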
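Review bot: The restore call added before the function's closing brace discards the result of `zend_alter_ini_entry_ex`, so if re-enabling ever fails the request carries on with magic_quotes_gpc off, which is the unsafe direction for applications that rely on it. The same applies to the restores at @@ -614 and in cgi_main.c @@ -637. Whether the call can fail here depends on the ini entry's handler, which is not visible in this diff, but the check is cheap: `if (zend_alter_ini_entry_ex(/* same arguments */) == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "could not restore magic_quotes_gpc"); }`. The function's opening lines are outside this hunk.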
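Review bot: This disable site carries no comment, unlike the ones at @@ -446 and in cgi_main.c @@ -625, and the `magic_quotes_gpc` local tested by the new `if` is declared outside the hunk. I would add `/* turn off magic_quotes while importing server variables; restored after REQUEST_TIME is registered */` above the `if`, so the pairing with the restore at @@ -614 is visible to someone reading only this part of php_register_server_variables.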
@@ -614,7 +622,9 @@ static inline void php_register_server_v
 php_register_variable_ex("REQUEST_TIME", &new_entry, array_ptr TSRMLS_CC);
 }
- PG(magic_quotes_gpc) = magic_quotes_gpc;
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
 }
 /* }}} */
diff -up php-5.3.3/sapi/cgi/cgi_main.c.cve0831 php-5.3.3/sapi/cgi/cgi_main.c
--- php-5.3.3/sapi/cgi/cgi_main.c.cve0831 2012-10-16 14:16:27.310946658 +0200
+++ php-5.3.3/sapi/cgi/cgi_main.c 2012-10-16 14:17:00.384028655 +0200
@@ -625,7 +625,9 @@ void cgi_php_import_environment_variable
 int filter_arg = (array_ptr == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER;
 /* turn off magic_quotes while importing environment variables */
- PG(magic_quotes_gpc) = 0;
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
 for (zend_hash_internal_pointer_reset_ex(request->env, &pos); zend_hash_get_current_key_ex(request->env, &var, &var_len, &idx, 0, &pos) == HASH_KEY_IS_STRING && zend_hash_get_current_data_ex(request->env, (void **) &val, &pos) == SUCCESS;
@@ -637,7 +639,9 @@ void cgi_php_import_environment_variable
 php_register_variable_safe(var, *val, new_val_len, array_ptr TSRMLS_CC);
 }
 }
- PG(magic_quotes_gpc) = magic_quotes_gpc;
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
 }
 }
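Review bot: The patch header says the fpm changes were not applied, so if this package builds the fpm SAPI, its environment import presumably still uses the bare `PG(magic_quotes_gpc) = 0;` store that the cgi_main.c hunk at @@ -625 replaces. It is worth confirming that fpm is not shipped from this source tree, or carrying the same change there. A one-line remark in the patch header saying why fpm is skipped would record the decision for whoever rebases this patch. The `magic_quotes_gpc` local tested by the new `if` is declared outside the hunk.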