From d8da372fd0aa22d503b4204f4485b2d5c8ce75bd Mon Sep 17 00:00:00 2001
From: Raphael Geissert <geissert@php.net>
Date: Sat, 13 Mar 2010 18:40:29 +0000
Subject: Fix CVE-2010-0397: null pointer dereference when processing invalid
 XML-RPC requests (bug #51288)

---
 NEWS | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index a52518aed5..2f58d1ae7c 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,9 @@ PHP                                                                        NEWS
 - Added stream filter support to mcrypt extension (ported from 
   mcrypt_filter). (Stas)
 
+- Fixed a NULL pointer dereference when processing invalid XML-RPC
+  requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
+
 - Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam)
 - Fixed bug #51257 (CURL_VERSION_LARGEFILE incorrectly used after libcurl
   version 7.10.1). (aron dot ujvari at microsec dot hu)
-- 
cgit v1.2.1