Update NEWS

1 files changed, 15 insertions, 1 deletions

diff --git a/NEWS b/NEWS
index 1420b035c3..1ae8dc9aed 100644
--- a/NEWS
+++ b/NEWS
@@ -1,9 +1,11 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 
-05 Mar 2020, PHP 7.4.4RC1
+?? ??? ????, PHP 7.4.4RC1
 
 - Core:
+  . Fixed bug #79329 (get_headers() silently truncates after a null byte)
+    (CVE-2020-7066) (cmb)
   . Fixed bug #79244 (php crashes during parsing INI file). (Laruence)
   . Fixed bug #63206 (restore_error_handler does not restore previous errors
     mask). (Mark Plomer)
@@ -34,11 +36,23 @@ PHP                                                                        NEWS
   . Fixed bug #79311 (enchant_dict_suggest() fails on big endian architecture).
     (cmb)
 
+- EXIF:
+  . Fixed bug #79282 (Use-of-uninitialized-value in exif) (CVE-2020-7064)
+    (Nikita)
+
+- Fileinfo:
+  . Fixed bug #79283 (Segfault in libmagic patch contains a buffer
+    overflow) (cmb)
+
 - FPM:
   . Fixed bug #77653 (operator displayed instead of the real error message).
     (Jakub Zelenka)
   . Fixed bug #79014 (PHP-FPM & Primary script unknown). (Jakub Zelenka)
 
+- MBstring:
+  . Fixed bug #79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at
+    php_unicode_tolower_full) (CVE-2020-7065) (cmb)
+
 - MySQLi:
   . Fixed bug #64032 (mysqli reports different client_version). (cmb)