- update NEWS

author: Pierre Joye <pierre.php@gmail.com> 2012-03-21 07:06:07 +0100
committer: Pierre Joye <pierre.php@gmail.com> 2012-03-21 07:06:07 +0100
commit: fda25d97ffa4e623b824aa70f0ba98e9eba88ef7 (patch)
tree: b6d035d70f5ba03bdcff0eb410a5943a15fa9ebb
parent: baeaafd3951451c7dadf949c7677e90141c1e17a (diff)
download: php-git-fda25d97ffa4e623b824aa70f0ba98e9eba88ef7.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index a2d7c051e6..1b1db1e2ec 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,9 @@ PHP                                                                        NEWS
   . Fixed bug #60227 (header() cannot detect the multi-line header with CR).
     (rui, Gustavo)
   . Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia)
+  . Fixed bug #54374 (Insufficient validating of upload name leading to 
+    corrupted $_FILES indices). (CVE-2012-1172). (Stas, lekensteyn at
+    gmail dot com, Pierre)
   . Fixed bug #52719 (array_walk_recursive crashes if third param of the
     function is by reference). (Nikita Popov)
   . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)
author	Pierre Joye <pierre.php@gmail.com>	2012-03-21 07:06:07 +0100
committer	Pierre Joye <pierre.php@gmail.com>	2012-03-21 07:06:07 +0100
commit	fda25d97ffa4e623b824aa70f0ba98e9eba88ef7 (patch)
tree	b6d035d70f5ba03bdcff0eb410a5943a15fa9ebb
parent	baeaafd3951451c7dadf949c7677e90141c1e17a (diff)
download	php-git-fda25d97ffa4e623b824aa70f0ba98e9eba88ef7.tar.gz