From: Stanislav Malyshev <stas@php.net>
Date: Wed, 9 May 2012 20:37:49 +0000 (-0700)
Subject: update NEWS
X-Git-Tag: php-5.4.4RC1~17
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=58482206f5e101ea8a1768375439021891c84bdf;p=php

update NEWS
---

diff --git a/NEWS b/NEWS
index a87211298f..a4486c8cf5 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,6 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? 2012, PHP 5.4.2
+?? ??? 2012, PHP 5.4.4
 
 - CLI Server:
   . Implemented FR #61977 (Need CLI web-server support for files with .htm & 
@@ -51,6 +51,18 @@ PHP                                                                        NEWS
     sent when no compression). (Mike)
   . Fixed bug #61443 (can't change zlib.output_compression on the fly). (Mike)
 
+08 May 2012, PHP 5.4.3
+
+- CGI
+  . Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.
+    (Stas)
+  . Fix bug #61807 - Buffer Overflow in apache_request_headers.
+    (nyt-php at countercultured dot net). 
+
+03 May 2012, PHP 5.4.2
+
+- Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus)
+
 26 Apr 2012, PHP 5.4.1
 
 - CLI Server: