add missing news entries

author: Ferenc Kovacs <tyrael@php.net> 2015-09-03 01:46:38 +0200
committer: Ferenc Kovacs <tyrael@php.net> 2015-09-03 01:46:38 +0200
commit: 3759de241f07a814c265321a1ffda51d010ac824 (patch)
tree: 5cb5d54f951a738bececff27118923bf6800536f /NEWS
parent: c65350cd4d84302e4c4779ab8e5092f833d8425f (diff)
download: php-git-3759de241f07a814c265321a1ffda51d010ac824.tar.gz
1 files changed, 28 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 8f68c45df9..c4286320e8 100644
--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,9 @@ PHP                                                                        NEWS
   . Fixed bug #69487 (SAPI may truncate POST data). (cmb)
   . Fixed bug #70198 (Checking liveness does not work as expected).
     (Shafreeck Sea, Anatol Belski)
+  . Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
+  . Fixed bug #70219 (Use after free vulnerability in session deserializer).
+    (taoguangchen at icloud dot com)
 
 - CLI server:
   . Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).
@@ -35,6 +38,14 @@ PHP                                                                        NEWS
   . Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).
     (cmb)
 
+- EXIF:
+  . Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte
+    value of 32 bytes). (Stas)
+
+- hash:
+  . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee
+    at naver dot com)
+
 - MCrypt:
   . Fixed bug #69833 (mcrypt fd caching not working). (Anatol)
 
@@ -45,14 +56,24 @@ PHP                                                                        NEWS
 - PCRE:
   . Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string
     match). (cmb)
+  . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
+    (Anatol Belski)
 
 - Phpdbg:
   . Fix phpdbg_break_next() sometimes not breaking. (Bob)
 
+- SOAP:
+  . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
+    (Stas)
+
 - SPL:
   . Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via
     ob_start). (hugh at allthethings dot co dot nz)
   . Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
+  . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
+    SplObjectStorage). (taoguangchen at icloud dot com)
+  . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
+    SplDoublyLinkedList). (taoguangchen at icloud dot com)
 
 - Standard:
   . Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
@@ -60,6 +81,13 @@ PHP                                                                        NEWS
   . Fixed bug #70157 (parse_ini_string() segmentation fault with 
     INI_SCANNER_TYPED). (Tjerk)
 
+- XSLT:
+  . Fixed bug #69782 (NULL pointer dereference). (Stas)
+
+- ZIP:
+  . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
+    creating directories). (neal at fb dot com)
+
 06 Aug 2015, PHP 5.6.12
 
 - Core:
author	Ferenc Kovacs <tyrael@php.net>	2015-09-03 01:46:38 +0200
committer	Ferenc Kovacs <tyrael@php.net>	2015-09-03 01:46:38 +0200
commit	3759de241f07a814c265321a1ffda51d010ac824 (patch)
tree	5cb5d54f951a738bececff27118923bf6800536f /NEWS
parent	c65350cd4d84302e4c4779ab8e5092f833d8425f (diff)
download	php-git-3759de241f07a814c265321a1ffda51d010ac824.tar.gz