The flaws are related to each other, with the primary issue being an insecure implementation of the DES within the crypt() function. In his eSecurityPlanet article about recent PHP security updates, Sean Michael Kerner provides the details of these two security flaws.

The issue stems from a flaw in the DES implementation where certain keys are truncated before the DES digestion and a problem in the phar extension that could allow for arbitrary code execution. You can find more on these security issues here.