- update NEWS

author Pierre Joye <pierre.php@gmail.com>

Wed, 21 Mar 2012 06:06:07 +0000 (07:06 +0100)

committer Pierre Joye <pierre.php@gmail.com>

Wed, 21 Mar 2012 06:06:07 +0000 (07:06 +0100)
author Pierre Joye <pierre.php@gmail.com>
Wed, 21 Mar 2012 06:06:07 +0000 (07:06 +0100)
committer Pierre Joye <pierre.php@gmail.com>
Wed, 21 Mar 2012 06:06:07 +0000 (07:06 +0100)
diff --git a/NEWS b/NEWS

index a2d7c051e653aa1505e96909138b5c68a5864e05..1b1db1e2ec48669ff569b44075dc3c6eafe30311 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,9 @@ PHP                                                                        NEWS
    . Fixed bug #60227 (header() cannot detect the multi-line header with CR).
      (rui, Gustavo)
    . Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia)
+  . Fixed bug #54374 (Insufficient validating of upload name leading to 
+    corrupted $_FILES indices). (CVE-2012-1172). (Stas, lekensteyn at
+    gmail dot com, Pierre)
    . Fixed bug #52719 (array_walk_recursive crashes if third param of the
      function is by reference). (Nikita Popov)
    . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)
author	Pierre Joye <pierre.php@gmail.com>
	Wed, 21 Mar 2012 06:06:07 +0000 (07:06 +0100)
committer	Pierre Joye <pierre.php@gmail.com>
	Wed, 21 Mar 2012 06:06:07 +0000 (07:06 +0100)