From 359bc0ee2f965ee0a76ddf0a7bb3bffb62662495 Mon Sep 17 00:00:00 2001
From: Lior Kaplan <kaplanlior@gmail.com>
Date: Wed, 20 Aug 2014 00:51:37 +0300
Subject: Add CVE ID for bug #67539

---
 NEWS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 5df40324da..e274d23206 100644
--- a/NEWS
+++ b/NEWS
@@ -51,7 +51,7 @@ PHP                                                                        NEWS
 
 - SPL:
   . Fixed bug #67539 (ArrayIterator use-after-free due to object change during
-    sorting). (research at insighti dot org, Laruence)
+    sorting). (CVE-2014-4698) (research at insighti dot org, Laruence)
   . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)
 
 - Core:
-- 
cgit v1.2.1


From 276bead9c47e91fa3fffce87a6911eaafdb1f8ab Mon Sep 17 00:00:00 2001
From: Lior Kaplan <kaplanlior@gmail.com>
Date: Wed, 20 Aug 2014 00:54:19 +0300
Subject: Add NEWS entry for bug #67730

Included in 5.4.32 with commit 706aefb
---
 NEWS | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/NEWS b/NEWS
index e274d23206..37f33a4b0d 100644
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,8 @@ PHP                                                                        NEWS
 - GD:
   . Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
     (CVE-2014-2497). (Remi)
+  . Fixed bug #67730 (Null byte injection possible with imagexxx functions).
+    (CVE-2014-5120) (Ryan Mauger)
 
 - Network:
   . Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)
-- 
cgit v1.2.1