From 6f586ef90fcf8fd8a31cfd7592d4df0cb454d212 Mon Sep 17 00:00:00 2001
From: Derick Rethans <github@derickrethans.nl>
Date: Tue, 27 Sep 2022 14:10:02 +0100
Subject: [PATCH] Add CVEs

---
 NEWS | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 2a2a74ae3c7..cdb694bfa59 100644
--- a/NEWS
+++ b/NEWS
@@ -3,9 +3,10 @@ PHP                                                                        NEWS
 29 Sep 2022, PHP 7.4.31
 
 - Core:
-  . Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (cmb)
+  . Fixed bug #81726: phar wrapper: DOS when using quine gzip file.
+    (CVE-2022-31628). (cmb)
   . Fixed bug #81727: Don't mangle HTTP variable names that clash with ones
-    that have a specific semantic meaning. (Derick)
+    that have a specific semantic meaning. (CVE-2022-31629). (Derick)
 
 09 Jun 2022, PHP 7.4.30