I've been asked about the "security issues" that prompted the release of PHP versions 4.3.0 and 5.0.3 enough times to warrant blogging about it. I understand the concern - you visit php.net and see:

The PHP Development Team would like to announce the immediate release of PHP 4.3.10 and PHP 5.0.3. These are maintenance releases that in addition to non-critical bug fixes address several very serious security issues.

Very serious security issues? That sounds "very serious." You read the PHP 5 ChangeLog (or maybe the PHP 4 one) and see a big list of changes. At most, you can identify two changes that might be security fixes:

• Fixed potential problems with unserializing invalid serialize data.
• Fixed a bug in addslashes() handling of the '\0' character.

Luckily, better information is available:

• http://www.securityfocus.com/archive/1/384663
• http://www.hardened-php.net/advisories/012004.txt

Update: Ilia points out the 4.3.10 release notes, which have more information.