From: Christoph M. Becker <cmbecker69@gmx.de>
Date: Tue, 30 Jul 2019 07:49:39 +0000 (+0200)
Subject: Add security related NEWS entries [ci skip]
X-Git-Tag: php-7.4.0beta2~19^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ef439abd46aa14eb7d0e2ef3f4bd552ce8c3f6ee;p=php

Add security related NEWS entries [ci skip]
---

diff --git a/NEWS b/NEWS
index 76ea3d16bf..6e6407aed6 100644
--- a/NEWS
+++ b/NEWS
@@ -37,6 +37,12 @@ PHP                                                                        NEWS
   . Fixed bug #69044 (discrepency between time and microtime). (krakjoe)
   . Updated timelib to 2018.02. (Derick)
 
+- EXIF:
+  . Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment).
+    (CVE-2019-11042) (Stas)
+  . Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail).
+    (CVE-2019-11041) (Stas)
+
 - FTP:
   . Fixed bug #78039 (FTP with SSL memory leak). (Nikita)
 
@@ -67,11 +73,15 @@ PHP                                                                        NEWS
 - PCRE:
   . Fixed bug #78197 (PCRE2 version check in configure fails for "##.##-xxx"
     version strings). (pgnet, Peter Kokot)
+  . Fixed bug #78338 (Array cross-border reading in PCRE). (cmb)
 
 - PDO_Sqlite:
   . Fixed bug #78192 (SegFault when reuse statement after schema has changed).
     (Vincent Quatrevieux)
 
+- Phar:
+  . Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN). (cmb)
+
 - Phpdbg:
   . Fixed bug #78297 (Include unexistent file memory leak). (Nikita)