Add entries for phar bug fixes in 5.6.11 (also have CVE assigned)

author Lior Kaplan <kaplanlior@gmail.com>

Mon, 10 Aug 2015 08:49:18 +0000 (11:49 +0300)

committer Lior Kaplan <kaplanlior@gmail.com>

Mon, 10 Aug 2015 08:49:18 +0000 (11:49 +0300)
author Lior Kaplan <kaplanlior@gmail.com>
Mon, 10 Aug 2015 08:49:18 +0000 (11:49 +0300)
committer Lior Kaplan <kaplanlior@gmail.com>
Mon, 10 Aug 2015 08:49:18 +0000 (11:49 +0300)
diff --git a/NEWS b/NEWS

index 2bad4c9370ff54818ec1954030acec53e2e90e46..35b1d47a6d608f0159ca844d5d88b18d17d36556 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -95,6 +95,12 @@ PHP                                                                        NEWS
    . Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
      (Matteo)
  
+- Phar:
+  . Fixed bug #69958 (Segfault in Phar::convertToData on invalid file).
+    (CVE-2015-5589) (Stas)
+  . Fixed bug #69923 (Buffer overflow and stack smashing error in
+    phar_fix_filepath). (CVE-2015-5590) (Stas)
+
  - SimpleXML:
    . Refactored the fix for bug #66084 (simplexml_load_string() mangles empty
      node name). (Christoph Michael Becker)
author	Lior Kaplan <kaplanlior@gmail.com>
	Mon, 10 Aug 2015 08:49:18 +0000 (11:49 +0300)
committer	Lior Kaplan <kaplanlior@gmail.com>
	Mon, 10 Aug 2015 08:49:18 +0000 (11:49 +0300)