sync NEWS

1 files changed, 5 insertions, 1 deletions

diff --git a/NEWS b/NEWS
index 618bf8d38f..88c55c9010 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,6 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-22 Jun 2017 PHP 7.0.21RC1
+06 Jul 2017 PHP 7.0.21
 
 - Core:
   . Fixed bug #74738 (Multiple [PATH=] and [HOST=] sections not properly
@@ -8,6 +8,8 @@ PHP                                                                        NEWS
   . Fixed bug #74658 (Undefined constants in array properties result in broken
     properties). (Laruence)
   . Fixed misparsing of abstract unix domain socket names. (Sara)
+  . Fixed bug #74101, bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in
+    zval_get_type). (Nikita)
 
 - DOM:
   . Fixed bug #69373 (References to deleted XPath query results). (ttoohey)
@@ -16,6 +18,7 @@ PHP                                                                        NEWS
   . Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)
   . Fixed bug #74705 (Wrong reflection on Collator::getSortKey and
     collator_get_sort_key). (Tyson Andre, Remi)
+  . Fixed bug #73634 (grapheme_strpos illegal memory access). (Stas)
 
 - Mbstring:
   . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,
@@ -43,6 +46,7 @@ PHP                                                                        NEWS
 - Standard:
   . Fixed bug #74708 (Invalid Reflection signatures for random_bytes and
     random_int). (Tyson Andre, Remi)
+  . Fixed bug #73648 (Heap buffer overflow in substr). (Stas)
 
 - FTP:
   . Fixed bug #74598 (ftp:// wrapper ignores context arg). (Sara)