prepare NEWS

author: Remi Collet <remi@php.net> 2019-12-17 13:14:29 +0100
committer: Remi Collet <remi@php.net> 2019-12-17 13:14:29 +0100
commit: 57dfaa9749d32e1197eec83e503ebecf454a120c (patch)
tree: f8cfa5cd9e2c1b6e30dadcc22359f9698fd45b61
parent: c88d95839fac7d82db7308565bc8e4ba5c665102 (diff)
download: php-git-57dfaa9749d32e1197eec83e503ebecf454a120c.tar.gz
1 files changed, 14 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 6b3646ed7d..cc010b1fcb 100644
--- a/NEWS
+++ b/NEWS
@@ -2,8 +2,21 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 7.2.26
 
+- Bcmath:
+  . Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).
+    (cmb)
+
+- Core:
+  . Fixed bug #78862 (link() silently truncates after a null byte on Windows).
+    (CVE-2019-11044). (cmb)
+  . Fixed bug #78863 (DirectoryIterator class silently truncates after a null
+    byte). (CVE-2019-11045). (cmb)
 
-05 Dec 2019, PHP 7.2.26RC1
+- EXIF:
+  . Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer).
+    (CVE-2019-11050). (Nikita)
+  . Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047).
+    (Nikita)
 
 - GD:
   . Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW). (cmb)
author	Remi Collet <remi@php.net>	2019-12-17 13:14:29 +0100
committer	Remi Collet <remi@php.net>	2019-12-17 13:14:29 +0100
commit	57dfaa9749d32e1197eec83e503ebecf454a120c (patch)
tree	f8cfa5cd9e2c1b6e30dadcc22359f9698fd45b61
parent	c88d95839fac7d82db7308565bc8e4ba5c665102 (diff)
download	php-git-57dfaa9749d32e1197eec83e503ebecf454a120c.tar.gz