Update NEWS with info about security issues

2026-03-24 00:02:20 +01:00 · 2025-12-12 13:49:02 +01:00
parent ed70b1ea43
commit c48a9f42d3
1 changed files with 12 additions and 0 deletions
--- a/12
+++ b/12
@@ -10,6 +10,18 @@ PHP                                                                        NEWS
  . Reset global pointers to prevent use-after-free in zend_jit_status().
    (Florian Engelhardt)

+- PDO:
+  . Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)
+    (Jakub Zelenka)
+
+- Standard:
+  . Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()).
+    (ndossche)
+  . Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()).
+    (CVE-2025-14178) (ndossche)
+  . Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize).
+    (CVE-2025-14177) (ndossche)
+
 03 Jul 2025, PHP 8.1.33

 - PGSQL: