fix NEWS

diff --git a/NEWS b/NEWS
index a24f4bbf25e0498fe9d12df731483e2275b99692..c3b656b81d64b7faea17674a3f5dc4e559f911a4 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -18,12 +18,15 @@
   . Fixed bug #65576 (Constructor from trait conflicts with inherited
     constructor). (dunglas at gmail dot com)
   . Fixed bug #68676 (Explicit Double Free). (Kalle)
+  . Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()).
+    (CVE-2015-0231) (Stefan Esser)
 
 - CGI:
-  . Fix bug #68618 (out of bounds read crashes php-cgi). (Stas)
+  . Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)
+    (Stas)
 
 - CLI server:
-  . Fix bug #68745 (Invalid HTTP requests make web server segfault). (Adam)
+  . Fixed bug #68745 (Invalid HTTP requests make web server segfault). (Adam)
 
 - cURL:
   . Fixed bug #67643 (curl_multi_getcontent returns '' when
@@ -33,6 +36,10 @@
   . Implemented FR #68268 (DatePeriod: Getter for start date, end date and 
     interval). (Marc Bennewitz)
 
+- EXIF:
+  . Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-0232)
+    (Stas)
+
 - Fileinfo:
   . Fixed bug #68398 (msooxml matches too many archives). (Anatol)
   . Fixed bug #68665 (invalid free in libmagic). (Joshua Rogers, Anatol Belski)
@@ -75,6 +82,10 @@
 - pgsql:
   . Fixed bug #68697 (lo_export return -1 on failure). (Ondřej Surý)
 
+- PDO:
+  . Fixed bug #68371 (PDO#getAttribute() cannot be called with platform-specifi
+    attribute names). (Matteo)
+
 - PDO_mysql:
   . Fixed bug #68424 (Add new PDO mysql connection attr to control multi
     statements option). (peter dot wolanin at acquia dot com)