add NEWS entry for CVE-2019-11043

author: Remi Collet <remi@php.net> 2019-10-22 09:36:13 +0200
committer: Remi Collet <remi@php.net> 2019-10-22 09:36:13 +0200
commit: 92de579a000093e5a74d7850cec6d968a4e3de97 (patch)
tree: 5c816f1dc60f322f052bcb0ca49619ee9f7d15f3
parent: 7a990257a05c725d53ca91bc9d080c99102f4e5e (diff)
download: php-git-92de579a000093e5a74d7850cec6d968a4e3de97.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index f172b3adeb..4bddf75c8c 100644
--- a/NEWS
+++ b/NEWS
@@ -3,8 +3,6 @@ PHP                                                                        NEWS
 ?? ??? ????, PHP 7.2.24
 
 
-10 Oct 2019, PHP 7.2.24RC1
-
 - Core:
   . Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
     (bugreportuser)
@@ -14,6 +12,10 @@ PHP                                                                        NEWS
   . Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7)
 	(Kalle)
 
+- FPM:
+  . Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE).
+    (CVE-2019-11043) (Jakub Zelenka)
+
 - MBString:
   . Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
     (cmb)
author	Remi Collet <remi@php.net>	2019-10-22 09:36:13 +0200
committer	Remi Collet <remi@php.net>	2019-10-22 09:36:13 +0200
commit	92de579a000093e5a74d7850cec6d968a4e3de97 (patch)
tree	5c816f1dc60f322f052bcb0ca49619ee9f7d15f3
parent	7a990257a05c725d53ca91bc9d080c99102f4e5e (diff)
download	php-git-92de579a000093e5a74d7850cec6d968a4e3de97.tar.gz