Update NEWS

author Christoph M. Becker <cmbecker69@gmx.de>

Tue, 22 Oct 2019 07:50:11 +0000 (09:50 +0200)

committer Christoph M. Becker <cmbecker69@gmx.de>

Tue, 22 Oct 2019 07:50:11 +0000 (09:50 +0200)
author Christoph M. Becker <cmbecker69@gmx.de>
Tue, 22 Oct 2019 07:50:11 +0000 (09:50 +0200)
committer Christoph M. Becker <cmbecker69@gmx.de>
Tue, 22 Oct 2019 07:50:11 +0000 (09:50 +0200)
diff --git a/NEWS b/NEWS

index ae815659a3086f43b859607c27b3be55b948f38f..25df4d6e993fec4cd4c8221e94de3b9b07c282ed 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -40,10 +40,13 @@ PHP                                                                        NEWS
         (Kalle)
  
  - FPM:
+  . Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE).
+    (CVE-2019-11043) (Jakub Zelenka)
    . Fixed bug #78413 (request_terminate_timeout does not take effect after
      fastcgi_finish_request). (Sergei Turchanov)
  
  - MBString:
+  . Fixed bug #78633 (Heap buffer overflow (read) in mb_eregi). (cmb)
    . Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
      (cmb)
    . Fixed bug #78609 (mb_check_encoding() no longer supports stringable
author	Christoph M. Becker <cmbecker69@gmx.de>
	Tue, 22 Oct 2019 07:50:11 +0000 (09:50 +0200)
committer	Christoph M. Becker <cmbecker69@gmx.de>
	Tue, 22 Oct 2019 07:50:11 +0000 (09:50 +0200)