From: Christoph M. Becker <cmbecker69@gmx.de>
Date: Tue, 21 Jan 2020 10:31:14 +0000 (+0100)
Subject: Update NEWS wrt. sec fixes
X-Git-Tag: php-7.3.15RC1~28
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b67fc51859c00e884d96208cc55e076a3aea8f89;p=php

Update NEWS wrt. sec fixes
---

diff --git a/NEWS b/NEWS
index f506b78b4e..e670c3f999 100644
--- a/NEWS
+++ b/NEWS
@@ -48,6 +48,10 @@ PHP                                                                        NEWS
 - Libxml:
   . Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter). (Laruence)
 
+- Mbstring:
+  . Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). 
+    (CVE-2020-7060) (Nikita)
+
 - OPcache:
   . Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR). (cmb)
 
@@ -63,10 +67,14 @@ PHP                                                                        NEWS
   . Fixed bug #78982 (pdo_pgsql returns dead persistent connection). (SATŌ
     Kentarō)
 
+- Session:
+  . Fixed bug #79091 (heap use-after-free in session_create_id()). (cmb, Nikita)
+
 - Shmop:
   . Fixed bug #78538 (shmop memory leak). (cmb)
 
 - Standard:
+  . Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059). (cmb)
   . Fixed bug #54298 (Using empty additional_headers adding extraneous CRLF).
     (cmb)