From: Remi Collet <remi@php.net>
Date: Thu, 6 Jul 2017 11:22:10 +0000 (+0200)
Subject: [ci skip] sync NEWS
X-Git-Tag: php-7.2.0beta1~137
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9470b2016cf941732c3144598eb7db195446d910;p=php

[ci skip] sync NEWS
---

diff --git a/NEWS b/NEWS
index d3604ee6eb..9c400e0437 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,20 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 7.2.0beta1
 
+- Core:
+  . Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
+    (Stas)
+  . Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from
+    unserialize). (Nikita)
+  . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via
+    php_parse_date()). (Derick)
+
+- GD:
+  . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)
+
+- OpenSSL:
+  . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
+    (Stas)
 
 06 Jul 2017, PHP 7.2.0alpha3