Update NEWS

author: Christoph M. Becker <cmbecker69@gmx.de> 2019-10-22 09:50:11 +0200
committer: Christoph M. Becker <cmbecker69@gmx.de> 2019-10-22 09:50:11 +0200
commit: 36943dfff1041600d3716b7b379c12f4ce3f3a30 (patch)
tree: c819887ad0f680a037d58f996068a9064701eaf1
parent: c00fd843d74297e4b4a6b10ab66151a774690fc0 (diff)
download: php-git-36943dfff1041600d3716b7b379c12f4ce3f3a30.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index ae815659a3..25df4d6e99 100644
--- a/NEWS
+++ b/NEWS
@@ -40,10 +40,13 @@ PHP                                                                        NEWS
 	(Kalle)
 
 - FPM:
+  . Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE).
+    (CVE-2019-11043) (Jakub Zelenka)
   . Fixed bug #78413 (request_terminate_timeout does not take effect after
     fastcgi_finish_request). (Sergei Turchanov)
 
 - MBString:
+  . Fixed bug #78633 (Heap buffer overflow (read) in mb_eregi). (cmb)
   . Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
     (cmb)
   . Fixed bug #78609 (mb_check_encoding() no longer supports stringable
author	Christoph M. Becker <cmbecker69@gmx.de>	2019-10-22 09:50:11 +0200
committer	Christoph M. Becker <cmbecker69@gmx.de>	2019-10-22 09:50:11 +0200
commit	36943dfff1041600d3716b7b379c12f4ce3f3a30 (patch)
tree	c819887ad0f680a037d58f996068a9064701eaf1
parent	c00fd843d74297e4b4a6b10ab66151a774690fc0 (diff)
download	php-git-36943dfff1041600d3716b7b379c12f4ce3f3a30.tar.gz