update NEWS

author: Stanislav Malyshev <stas@php.net> 2012-05-09 13:37:49 -0700
committer: Stanislav Malyshev <stas@php.net> 2012-05-12 19:39:12 -0700
commit: 58482206f5e101ea8a1768375439021891c84bdf (patch)
tree: 46d697c0fe015f8f8a6c1c18df8872fcc55ee862
parent: 6a5095582a1e3b9a065863c9990e2f001d1cdc10 (diff)
download: php-git-58482206f5e101ea8a1768375439021891c84bdf.tar.gz
1 files changed, 13 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index a87211298f..a4486c8cf5 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,6 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? 2012, PHP 5.4.2
+?? ??? 2012, PHP 5.4.4
 
 - CLI Server:
   . Implemented FR #61977 (Need CLI web-server support for files with .htm & 
@@ -51,6 +51,18 @@ PHP                                                                        NEWS
     sent when no compression). (Mike)
   . Fixed bug #61443 (can't change zlib.output_compression on the fly). (Mike)
 
+08 May 2012, PHP 5.4.3
+
+- CGI
+  . Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.
+    (Stas)
+  . Fix bug #61807 - Buffer Overflow in apache_request_headers.
+    (nyt-php at countercultured dot net). 
+
+03 May 2012, PHP 5.4.2
+
+- Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus)
+
 26 Apr 2012, PHP 5.4.1
 
 - CLI Server:
author	Stanislav Malyshev <stas@php.net>	2012-05-09 13:37:49 -0700
committer	Stanislav Malyshev <stas@php.net>	2012-05-12 19:39:12 -0700
commit	58482206f5e101ea8a1768375439021891c84bdf (patch)
tree	46d697c0fe015f8f8a6c1c18df8872fcc55ee862
parent	6a5095582a1e3b9a065863c9990e2f001d1cdc10 (diff)
download	php-git-58482206f5e101ea8a1768375439021891c84bdf.tar.gz