From: Stanislav Malyshev <stas@php.net>
Date: Wed, 5 Jul 2017 02:30:29 +0000 (-0700)
Subject: Update NEWS
X-Git-Tag: php-5.6.31~11
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=12107d619b4380efa8543046357af07b7733020d;p=php

Update NEWS
---

diff --git a/NEWS b/NEWS
index 877e450586..d9ca91ab0d 100644
--- a/NEWS
+++ b/NEWS
@@ -2,9 +2,25 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ?? 2017, PHP 5.6.31
 
-- Core
+- Core:
   . Fixed bug #73807 (Performance problem with processing post request over
     2000000 chars). (Nikita)
+  . Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from
+    unserialize). (Nikita)
+  . Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
+    (Stas)
+  . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via 
+    php_parse_date()). (Derick)
+
+GD:
+  . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)
+
+OpenSSL:
+  . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
+    (Stas)
+
+WDDX:
+   . Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV). (Stas)
 
 19 Jan 2017, PHP 5.6.30