[ci skip] Add 7.4.11 security fixes to NEWS

author: Stanislav Malyshev <stas@php.net> 2020-09-29 10:13:38 -0700
committer: Stanislav Malyshev <stas@php.net> 2020-09-29 10:13:38 -0700
commit: f20a2b4f3c25fba1769da5a2d35f44a492ed7f1f (patch)
tree: 26445d16039ca22181b3bec612884a410a850719 /NEWS
parent: 5c8b02fdd6d85c8a9ae96ed3485425f646aac857 (diff)
download: php-git-f20a2b4f3c25fba1769da5a2d35f44a492ed7f1f.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 33cd7e20ad..d47582e51b 100644
--- a/NEWS
+++ b/NEWS
@@ -47,6 +47,8 @@ PHP                                                                        NEWS
   . Fixed bug #80048 (Bug #69100 has not been fixed for Windows). (cmb)
   . Fixed bug #80049 (Memleak when coercing integers to string via variadic
     argument). (Nikita)
+  . Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` 
+    cookies can be sent). (CVE-2020-7070) (Stas)
 
 - Calendar:
   . Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
@@ -63,6 +65,10 @@ PHP                                                                        NEWS
   . Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode
     handlers changed). (SammyK)
 
+- OpenSSL:
+  . Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 
+    bytes IV). (CVE-2020-7069) (Jakub Zelenka)
+
 - PDO:
   . Fixed bug #80027 (Terrible performance using $query->fetch on queries with
     many bind parameters (Matteo)
author	Stanislav Malyshev <stas@php.net>	2020-09-29 10:13:38 -0700
committer	Stanislav Malyshev <stas@php.net>	2020-09-29 10:13:38 -0700
commit	f20a2b4f3c25fba1769da5a2d35f44a492ed7f1f (patch)
tree	26445d16039ca22181b3bec612884a410a850719 /NEWS
parent	5c8b02fdd6d85c8a9ae96ed3485425f646aac857 (diff)
download	php-git-f20a2b4f3c25fba1769da5a2d35f44a492ed7f1f.tar.gz