add news for SOAP fixes

author: Stanislav Malyshev <stas@php.net> 2013-02-26 22:20:21 -0800
committer: Stanislav Malyshev <stas@php.net> 2013-02-26 22:20:21 -0800
commit: 7ffb77d243897a1a9d39a6a51715d9ff3c14e02a (patch)
tree: 427b8a63e424a092473165cc67fb585ab820d49b
parent: 7c082325091ee7bfcf0e1e8b488b1e9fa66f0739 (diff)
download: php-git-7ffb77d243897a1a9d39a6a51715d9ff3c14e02a.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 5fea27afdb..6600eed3d9 100644
--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,11 @@ PHP                                                                        NEWS
   . Fixed bug #60840 (undefined symbol: mysqlnd_debug_std_no_trace_funcs).
     (Johannes)
 
+- SOAP
+  . Added check that soap.wsdl_cache_dir conforms to open_basedir
+    (CVE-2013-1635). (Dmitry)
+  . Disabled external entities loading (CVE-2013-1643). (Dmitry)
+
 - SPL:
   . Fixed bug #64264 (SPLFixedArray toArray problem). (Laruence)
   . Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS).
author	Stanislav Malyshev <stas@php.net>	2013-02-26 22:20:21 -0800
committer	Stanislav Malyshev <stas@php.net>	2013-02-26 22:20:21 -0800
commit	7ffb77d243897a1a9d39a6a51715d9ff3c14e02a (patch)
tree	427b8a63e424a092473165cc67fb585ab820d49b
parent	7c082325091ee7bfcf0e1e8b488b1e9fa66f0739 (diff)
download	php-git-7ffb77d243897a1a9d39a6a51715d9ff3c14e02a.tar.gz