[ci skip] sync NEWS

1 files changed, 17 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index 14e3ef3de0..da6c0dabe6 100644
--- a/NEWS
+++ b/NEWS
@@ -41,10 +41,19 @@ PHP                                                                        NEWS
   . Fixed misparsing of abstract unix domain socket names. (Sara)
   . Fixed bug #74101, bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in
     zval_get_type). (Nikita)
+  . Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from
+    unserialize). (Nikita)
+  . Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
+    (Stas)
+  . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via
+    php_parse_date()). (Derick)
 
 - DOM:
   . Fixed bug #69373 (References to deleted XPath query results). (ttoohey)
 
+- GD:
+  . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)
+
 - Intl:
   . Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)
   . Fixed bug #74705 (Wrong reflection on Collator::getSortKey and
@@ -63,6 +72,14 @@ PHP                                                                        NEWS
   . Fixed bug #74663 (Segfault with opcache.memory_protect and
     validate_timestamp). (Laruence)
 
+- OpenSSL:
+  . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
+    (Stas)
+
+- PCRE:
+  . Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
+    (Stas)
+
 - PDO_OCI:
   . Support Instant Client 12.2 in --with-pdo-oci configure option.
     (Tianfang Yang)