From: Ferenc Kovacs <tyrael@php.net>
Date: Wed, 15 Oct 2014 12:07:40 +0000 (+0200)
Subject: update NEWS, 5.6.2 will be a security-only release
X-Git-Tag: php-5.6.3RC1~59^2~11
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b85b87fabc8dde3c558dd4a7aa516523c0f36b3f;p=php

update NEWS, 5.6.2 will be a security-only release
---

diff --git a/NEWS b/NEWS
index c44cea0459..83abd89445 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,6 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? 2014, PHP 5.6.2
+?? ??? 2014, PHP 5.6.3
 
 - Core:
   . Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported
@@ -45,6 +45,23 @@ PHP                                                                        NEWS
 - SPL:
   . Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)
 
+16 Oct 2014, PHP 5.6.2
+
+- Core:
+  . Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)).
+    (CVE-2014-3669) (Stas)
+
+- cURL:
+  . Fixed bug #68089 (NULL byte injection - cURL lib). (Stas)
+
+- EXIF:
+  . Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
+    (Stas)
+
+- XMLRPC:
+  . Fixed bug #68027 (Global buffer overflow in mkgmtime() function).
+    (CVE-2014-3668) (Stas)
+
 02 Oct 2014, PHP 5.6.1
 
 - Core: