debian wheezy php-fpm update

Discussion in 'Installation/Configuration' started by maumar, Jun 6, 2014.

  1. maumar

    maumar Member

    I would advise anyone who is upgrading wheezy that this update is in place, so take care:

    php5 (5.4.4-14+deb7u9) stable; urgency=medium

    * The default PHP FPM socket permission has been changed from 0666
    to 0660 to mitigate security vulnerability (CVE-2014-0185) in PHP
    FPM that allowed any local user to run a PHP code under the active
    user of FPM process via crafted FastCGI client.

    The default Debian setup now correctly sets the listen.owner and
    listen.group to www-data:www-data in default php-fpm.conf. If you
    have more FPM instances or a webserver not running under www-data
    user you need to adjust the configuration of FPM pools in
    /etc/php5/fpm/pool.d/ so the accessing process has rights to
    access the socket.
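A read-only check for the situation the changelog describes, as an added example that is not part of the original post or of the Debian package: it scans pool files for Unix-socket pools that lack `listen.owner`/`listen.group` or that set a `listen.mode` with permission bits for other users. The function name `audit_pool` is hypothetical.

```shell
#!/bin/sh
# Added example: audit PHP-FPM pool files for the socket settings touched by
# the CVE-2014-0185 change (default socket mode 0666 -> 0660).
# Usage: sh audit_pools.sh /etc/php5/fpm/pool.d/*.conf

audit_pool() {
    # Prints one finding per line as "<file>:[<pool>] <message>"; silent if OK.
    awk -v file="$1" '
        function report(msg) { printf "%s:[%s] %s\n", file, pool, msg }
        function check() {
            # Only pools listening on a Unix socket path are affected.
            if (pool == "" || listen !~ /^\//) return
            if (owner == "") report("listen.owner not set")
            if (group == "") report("listen.group not set")
            # A non-zero last octal digit means bits are set for "other".
            if (mode ~ /[1-7]$/) report("listen.mode " mode " has bits set for other users")
        }
        /^[ \t]*;/ { next }                      # ini comment line
        /^[ \t]*\[/ {                            # start of a new [pool] section
            check()
            pool = $0
            sub(/^[ \t]*\[/, "", pool); sub(/\].*/, "", pool)
            listen = owner = group = mode = ""
            next
        }
        /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]*;.*$/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "listen") listen = val
            else if (key == "listen.owner") owner = val
            else if (key == "listen.group") group = val
            else if (key == "listen.mode") mode = val
        }
        END { check() }
    ' "$1"
}

# Audit every pool file given on the command line.
for f in "$@"; do
    audit_pool "$f"
done
```

For each reported pool, set `listen.owner` and `listen.group` to the account the web server runs as and leave `listen.mode` at 0660, then restart FPM.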
     
