Update NEWS

author: Stanislav Malyshev <stas@php.net> 2020-01-20 22:12:32 -0800
committer: Stanislav Malyshev <stas@php.net> 2020-01-20 22:12:32 -0800
commit: 5c90f8eb66cc8ad0e9377dcf46ad2252924dfb29 (patch)
tree: 971eec7eea111d169fda8abcce07bc099b92e72a
parent: 2bcbc95f033c31b00595ed39f79c3a99b4ed0501 (diff)
download: php-git-5c90f8eb66cc8ad0e9377dcf46ad2252924dfb29.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index cb4a4ac594..2d9703be30 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,15 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2019, PHP 7.2.27
 
+- Mbstring:
+  . Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). 
+    (CVE-2020-7060) (Nikita)
+
+- Session:
+  . Fixed bug #79091 (heap use-after-free in session_create_id()). (cmb, Nikita)
+
+- Standard:
+  . Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059). (cmb)
 
 18 Dec 2019, PHP 7.2.26
author	Stanislav Malyshev <stas@php.net>	2020-01-20 22:12:32 -0800
committer	Stanislav Malyshev <stas@php.net>	2020-01-20 22:12:32 -0800
commit	5c90f8eb66cc8ad0e9377dcf46ad2252924dfb29 (patch)
tree	971eec7eea111d169fda8abcce07bc099b92e72a
parent	2bcbc95f033c31b00595ed39f79c3a99b4ed0501 (diff)
download	php-git-5c90f8eb66cc8ad0e9377dcf46ad2252924dfb29.tar.gz