update NEWS

1 files changed, 18 insertions, 1 deletions

diff --git a/NEWS b/NEWS
index e347551a2b..b7e365f6b0 100644
--- a/NEWS
+++ b/NEWS
@@ -1,17 +1,30 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-27 Oct 2016, PHP 5.6.28RC1
+10 Nov 2016, PHP 5.6.28
 
 - Core:
   . Fixed bug #73337 (try/catch not working with two exceptions inside a same
     operation). (Dmitry)
 
+- Bz2:
+  . Fixed bug #73356 (crash in bzcompress function). (Stas)
+
 -GD:
   . Fixed bug #73213 (Integer overflow in imageline() with antialiasing). (cmb)
   . Fixed bug #73272 (imagescale() is not affected by, but affects
     imagesetinterpolation()). (cmb)
   . Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()). (cmb)
   . Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf). (cmb)
+  . Fixed bug #72482 (Illegal write/read access caused by gdImageAALine overflow).
+    (cmb)
+  . Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor images). (cmb)
+
+- Imap:
+  . Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads Heap Overflow).
+    (Anatol)
+
+- SPL:
+  . Fixed bug #73144 (Use-after-free in ArrayObject Deserialization). (Stas)
 
 - SOAP:
   . Fixed bug #73037 (SoapServer reports Bad Request when gzipped). (Anatol)
@@ -23,6 +36,10 @@ PHP                                                                        NEWS
   . Fixed bug #73203 (passing additional_parameters causes mail to fail). (cmb)
   . Fixed bug #73188 (use after free in userspace streams). (Sara)
 
+- Wddx:
+  . Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization
+    with PDORow). (Stas)
+
 13 Oct 2016, PHP 5.6.27
 
 - Core: