Add entries for phar bug fixes in 5.6.11 (also have CVE assigned)

author: Lior Kaplan <kaplanlior@gmail.com> 2015-08-10 11:49:18 +0300
committer: Lior Kaplan <kaplanlior@gmail.com> 2015-08-10 11:49:18 +0300
commit: c1127c4de354f587e3c0e8a384a16814dd665ca5 (patch)
tree: 232a9c4c5432390889264779a317650d6cdbd414
parent: 36cbb7cc4c7cd492394c62cd883c8e29d4f45760 (diff)
download: php-git-c1127c4de354f587e3c0e8a384a16814dd665ca5.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 2bad4c9370..35b1d47a6d 100644
--- a/NEWS
+++ b/NEWS
@@ -95,6 +95,12 @@ PHP                                                                        NEWS
   . Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
     (Matteo)
 
+- Phar:
+  . Fixed bug #69958 (Segfault in Phar::convertToData on invalid file).
+    (CVE-2015-5589) (Stas)
+  . Fixed bug #69923 (Buffer overflow and stack smashing error in
+    phar_fix_filepath). (CVE-2015-5590) (Stas)
+
 - SimpleXML:
   . Refactored the fix for bug #66084 (simplexml_load_string() mangles empty
     node name). (Christoph Michael Becker)
author	Lior Kaplan <kaplanlior@gmail.com>	2015-08-10 11:49:18 +0300
committer	Lior Kaplan <kaplanlior@gmail.com>	2015-08-10 11:49:18 +0300
commit	c1127c4de354f587e3c0e8a384a16814dd665ca5 (patch)
tree	232a9c4c5432390889264779a317650d6cdbd414
parent	36cbb7cc4c7cd492394c62cd883c8e29d4f45760 (diff)
download	php-git-c1127c4de354f587e3c0e8a384a16814dd665ca5.tar.gz