NEWS for cherry-picked CVE patches

author: Julien Pauli <jpauli@php.net> 2014-03-05 11:08:11 +0100
committer: Julien Pauli <jpauli@php.net> 2014-03-05 11:08:11 +0100
commit: eb63f8c2a66906a617d94667f0b54f1544ac93d9 (patch)
tree: 4772c6897a8cc5b515056bdcc3395ca1221b4b1a
parent: 0880851f004ba8ad793b9fb68e3ee6755245a0ba (diff)
download: php-git-eb63f8c2a66906a617d94667f0b54f1544ac93d9.tar.gz
1 files changed, 7 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 49717f4baa..87ee948c59 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,6 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-20 Fev 2014, PHP 5.5.10RC1
+06 Mar 2014, PHP 5.5.10
 
 - Core:
   . Fixed Request #66574i (Allow multiple paths in php_ini_scanned_path). (Remi)
@@ -10,7 +10,12 @@ PHP                                                                        NEWS
     per offset too). (Derick)
 
 - Fileinfo:
-  . Bug #66731 (file: infinite recursion) (CVE-2014-1943). (Remi)
+  . Fixed bug #66731 (file: infinite recursion) (CVE-2014-1943). (Remi)
+  . Fixed bug #66820 (out-of-bounds memory access in fileinfo). (Remi)
+
+- GD:
+  . Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer 
+    CVE-2013-7327). (Tomas Hoger, Remi)
 
 - JSON:
   . Fixed bug #65753 (JsonSerializeable couldn't implement on module extension)
author	Julien Pauli <jpauli@php.net>	2014-03-05 11:08:11 +0100
committer	Julien Pauli <jpauli@php.net>	2014-03-05 11:08:11 +0100
commit	eb63f8c2a66906a617d94667f0b54f1544ac93d9 (patch)
tree	4772c6897a8cc5b515056bdcc3395ca1221b4b1a
parent	0880851f004ba8ad793b9fb68e3ee6755245a0ba (diff)
download	php-git-eb63f8c2a66906a617d94667f0b54f1544ac93d9.tar.gz