update NEWS to match the actual stuff in 5.5.22

author: Ferenc Kovacs <tyrael@php.net> 2015-02-18 20:08:46 +0100
committer: Ferenc Kovacs <tyrael@php.net> 2015-02-18 20:08:46 +0100
commit: 3d777c8068990fa0bb1072e125073e79c8b96088 (patch)
tree: 87eb7fb8f8400df8e92f2101c09937d31945ca99
parent: 24be46323b288ecb5c588fcef86bc9a8ffa05024 (diff)
download: php-git-3d777c8068990fa0bb1072e125073e79c8b96088.tar.gz
1 files changed, 2 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index eeccd81929..c224345185 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,8 @@ PHP                                                                        NEWS
     callback). (Mike)
   . Fixed bug #69017 (Fail to push to the empty array with the constant value
     defined in class scope). (Laruence)
-  . Added NULL byte protection to exec, system and passthru. (Yasuo)
+  . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file
+    not validated in memory.c). (nayana at ddproperty dot com)
 
 - ODBC:
   . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)
@@ -38,8 +39,6 @@ PHP                                                                        NEWS
 - Core:
   . Removed support for multi-line headers, as the are deprecated by RFC 7230.
     (Stas)
-  . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file
-    not validated in memory.c). (nayana at ddproperty dot com)
   . Fixed bug #67068 (getClosure returns somethings that's not a closure). 
     (Danack at basereality dot com)
   . Fixed bug #68942 (Use after free vulnerability in unserialize() with
author	Ferenc Kovacs <tyrael@php.net>	2015-02-18 20:08:46 +0100
committer	Ferenc Kovacs <tyrael@php.net>	2015-02-18 20:08:46 +0100
commit	3d777c8068990fa0bb1072e125073e79c8b96088 (patch)
tree	87eb7fb8f8400df8e92f2101c09937d31945ca99
parent	24be46323b288ecb5c588fcef86bc9a8ffa05024 (diff)
download	php-git-3d777c8068990fa0bb1072e125073e79c8b96088.tar.gz