Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3: Update NEWS [ci skip]
author: Christoph M. Becker <cmbecker69@gmx.de> 2020-02-17 19:24:04 +0100
committer: Christoph M. Becker <cmbecker69@gmx.de> 2020-02-17 19:24:39 +0100
commit: 583e7bad79fa5e534889fa1edd1cc0284ca68cae (patch)
tree: f0981cf499744f74de31dc6a7b5e058a2e679e90
parent: e33ab23c832ff42a5828bf1834c26020d3f1767e (diff)
parent: 788065fb8cfaff83c15a4653ea664ebb353f131c (diff)
download: php-git-583e7bad79fa5e534889fa1edd1cc0284ca68cae.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 40e69e88ed..9c22f96c1d 100644
--- a/NEWS
+++ b/NEWS
@@ -29,6 +29,16 @@ PHP                                                                        NEWS
   . Fixed bug #79257 (Duplicate named groups (?J) prefer last alternative even
     if not matched). (Nikita)
 
+- Phar:
+  . Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have
+    all-access permissions). (CVE-2020-7063) (stas)
+  . Fixed bug #79171 (heap-buffer-overflow in phar_extract_file).
+    (CVE-	2020-7061) (cmb)
+
+- Session:
+  . Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress).
+    (CVE-2020-7062) (stas)
+
 - Standard:
   . Fixed bug #79254 (getenv() w/o arguments not showing changes). (cmb)
author	Christoph M. Becker <cmbecker69@gmx.de>	2020-02-17 19:24:04 +0100
committer	Christoph M. Becker <cmbecker69@gmx.de>	2020-02-17 19:24:39 +0100
commit	583e7bad79fa5e534889fa1edd1cc0284ca68cae (patch)
tree	f0981cf499744f74de31dc6a7b5e058a2e679e90
parent	e33ab23c832ff42a5828bf1834c26020d3f1767e (diff)
parent	788065fb8cfaff83c15a4653ea664ebb353f131c (diff)
download	php-git-583e7bad79fa5e534889fa1edd1cc0284ca68cae.tar.gz