As mentioned by the International PHP Magazine, Maksymilian Arciemowicz has posted about some testing he's been doing on the newly released PHP 5.2.4 and has still found some issues with it.

In 30 August PHP Team have released new version PHP with number 5.2.4. We have tested this version and now we can say, that not all issues from PHP 5.2.3 are patched. It is possible bypass safe_mode, open_basedir and disabled_functions.

The issue he describes is the lack of a "mail.force_extra_parameters" setting in the php.ini still making it possible to exploit the mail() function to execute arbitrary PHP code.