Add CVE for bugs in 5.6.9

diff --git a/NEWS b/NEWS
index aa752a4f2f538295cd0c3791982eb0d40e7f8f7f..852358af115761935dd74a428597e62acfb9e2c1 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -39,15 +39,17 @@ PHP                                                                        NEWS
     (Nikita)
   . Fixed bug #69472 (php_sys_readlink ignores misc errors from
        GetFinalPathNameByHandleA). (Jan Starke)
-  . Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
+  . Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability).
+    (CVE-2015-4024) (Stas)
   . Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
     (Stas)
-  . Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
+  . Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)
+    (Stas)
   . Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)
 
 - FTP:
   . Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap
-    overflow). (Stas)
+    overflow). (CVE-2015-4022) (Stas)
 
 - ODBC:
   . Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).
@@ -62,14 +64,15 @@ PHP                                                                        NEWS
     (Daniel Lowrey)
 
 - PCNTL:
-  . Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)
+  . Fixed bug #68598 (pcntl_exec() should not allow null char). (CVE-2015-4026)
+    (Stas)
 
 - PCRE
-  . Upgraded pcrelib to 8.37.
+  . Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
 
 - Phar:
   . Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry
-    filename starts with null). (Stas)
+    filename starts with null). (CVE-2015-4021) (Stas)
 
 16 Apr 2015, PHP 5.6.8