[ci skip] Update NEWS

author: Stanislav Malyshev <stas@php.net> 2020-03-15 19:35:35 -0700
committer: Stanislav Malyshev <stas@php.net> 2020-03-16 22:40:00 -0700
commit: e71fa03107bb7c11066420bf50c418cff1ca504f (patch)
tree: a8c5b111447db7de387e9582f9c59eb0604b9e4d
parent: 62e7b80267ac50364c0d74d3cd567da90639534b (diff)
download: php-git-e71fa03107bb7c11066420bf50c418cff1ca504f.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 32db597c9b..835e7896ed 100644
--- a/NEWS
+++ b/NEWS
@@ -4,11 +4,21 @@ PHP                                                                        NEWS
 
 - Core:
   . Fixed bug #79364 (When copy empty array, next key is unspecified). (cmb)
+  . Fixed bug #79329 (get_headers() silently truncates after a null byte) 
+    (CVE-2020-7066) (cmb)
   . Fixed bug #78210 (Invalid pointer address). (cmb, Nikita)
 
 - CURL:
   . Fixed bug #79199 (curl_copy_handle() memory leak). (cmb)
 
+- EXIF:
+  . Fixed bug #79282 (Use-of-uninitialized-value in exif) (CVE-2020-7064)
+    (Nikita)
+
+- MBstring:
+  . Fixed bug #79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at 
+    php_unicode_tolower_full) (CVE-2020-7065) (cmb)
+
 - SimpleXML:
   . Fixed bug #61597 (SXE properties may lack attributes and content). (cmb)
author	Stanislav Malyshev <stas@php.net>	2020-03-15 19:35:35 -0700
committer	Stanislav Malyshev <stas@php.net>	2020-03-16 22:40:00 -0700
commit	e71fa03107bb7c11066420bf50c418cff1ca504f (patch)
tree	a8c5b111447db7de387e9582f9c59eb0604b9e4d
parent	62e7b80267ac50364c0d74d3cd567da90639534b (diff)
download	php-git-e71fa03107bb7c11066420bf50c418cff1ca504f.tar.gz