. TypeError messages for arg_info type checks will now say "must be ...
or null" where the parameter or return type accepts null. (Andrea)
. Fixed bug #72857 (stream_socket_recvfrom read access violation). (Anatol)
+ . Fixed bug #72663 (Create an Unexpected Object and Don't Invoke
+ __wakeup() in Deserialization). (Stas)
+ . Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas)
+ . Fixed bug #72742 (memory allocator fails to realloc small block to large
+ one). (Stas)
+
+- Bz2:
+ . Fixed bug #72837 (integer overflow in bzdecompress caused heap
+ corruption). (Stas)
+
+- Curl
+ . Fixed bug #72674 (Heap overflow in curl_escape). (Stas)
- EXIF:
. Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi)
+ . Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas)
- FTP:
. Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with
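Review bot: the added section header `- Curl` is missing the trailing colon that the other headers added in this change carry (`- Bz2:` here, `- Mcrypt:` and `- SNMP:` further down). Suggest `- Curl:` so the new sections are consistent with each other and anything that parses the section list by the colon does not skip it. The entries under it are otherwise in the same `. Fixed bug #NNNNN (summary). (Author)` form as their neighbours.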
. Fixed bug #72711 (`mb_ereg` does not clear the `$regs` parameter on
failure). (ju1ius)
+- Mcrypt:
+ . Fixed bug #72782 (Heap Overflow due to integer overflows). (Stas)
+
- OCI8
. Fixed invalid handle error with Implicit Result Sets. (Chris Jones)
. Fixed bug #72524 (Binding null values triggers ORA-24816 error). (Chris Jones)
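Review bot: the Mcrypt entry for #72782 (`Heap Overflow due to integer overflows`) does not say which function or code path is affected. The other memory-safety entries in this change name it (`bzdecompress`, `curl_escape`, `php_snmp_parse_oid`, `select_colors`). Suggest adding the affected function to the summary so a reader triaging the release can tell whether their code reaches it without opening the bug.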
- GD:
. Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb)
+ . Fixed bug #72697 (select_colors write out-of-bounds). (Stas)
+ . Fixed bug #72730 (imagegammacorrect allows arbitrary write access). (Stas)
- mbstring:
. Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width).
. Fixed bug #72661 (ReflectionType::__toString crashes with iterable).
(Laruence)
+- SNMP:
+ . Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory
+ allocation). (djodjo at gmail dot com)
+
- SPL:
. Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape
character). (cmb)
. Fixed bug #54431 (opendir() does not work with ftps:// wrapper). (vhuk)
. Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for
non-existent directories). (vhuk)
+ . Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade
+ attack). (Stas)
- Wddx:
. Fixed bug #72142 (WDDX Packet Injection Vulnerability in
wddx_serialize_value()). (Taoguang Chen)
+ . Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
+ . Fixed bug #72750 (wddx_deserialize null dereference). (Stas)
+ . Fixed bug #72790 (wddx_deserialize null dereference with invalid xml).
+ (Stas)
+ . Fixed bug #72799 (wddx_deserialize null dereference in
+ php_wddx_pop_element). (Stas)
- XMLRPC:
. Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing
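Review bot: the added line for #72749 ends `(wddx_deserialize allows illegal memory access) (Stas)` with no period between the summary and the credit. Every other entry in this hunk uses `). (Stas)`. Suggest adding the period. As a documentation point, #72750, #72790 and #72799 are all summarised as a wddx_deserialize null dereference. Only the last names the function (`php_wddx_pop_element`), so a short distinguishing detail on #72750, like the `with invalid xml` on #72790, would make the three easier to tell apart.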