[ci skip] Update NEWS

author Stanislav Malyshev <stas@php.net>

Tue, 17 Dec 2019 07:41:04 +0000 (23:41 -0800)

committer Stanislav Malyshev <stas@php.net>

Tue, 17 Dec 2019 07:41:04 +0000 (23:41 -0800)
author Stanislav Malyshev <stas@php.net>
Tue, 17 Dec 2019 07:41:04 +0000 (23:41 -0800)
committer Stanislav Malyshev <stas@php.net>
Tue, 17 Dec 2019 07:41:04 +0000 (23:41 -0800)
diff --git a/NEWS b/NEWS

index 44f070a931283b0a6813b006b43fb11ab35269d1..600affadc13eff29360a1954f57917f2dc7752d8 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,22 @@ PHP                                                                        NEWS
  
  19 Dec 2019, PHP 7.2.26
  
+- Bcmath:
+  . Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).
+    (cmb)
+
+- Core:
+  . Fixed bug #78862 (link() silently truncates after a null byte on Windows).
+    (CVE-2019-11044). (cmb)
+  . Fixed bug #78863 (DirectoryIterator class silently truncates after a null
+    byte). (CVE-2019-11045). (cmb)
+
+- EXIF:
+  . Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer).
+    (CVE-2019-11050). (Nikita)
+  . Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047).
+    (Nikita)
+
  - GD:
    . Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW). (cmb)
author	Stanislav Malyshev <stas@php.net>
	Tue, 17 Dec 2019 07:41:04 +0000 (23:41 -0800)
committer	Stanislav Malyshev <stas@php.net>
	Tue, 17 Dec 2019 07:41:04 +0000 (23:41 -0800)