From c48a9f42d336dc22e72141775022f4588ab4b2dd Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Fri, 12 Dec 2025 13:49:02 +0100
Subject: [PATCH] Update NEWS with info about security issues

---
 NEWS | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/NEWS b/NEWS
index 998b5d97d63..6ac638073fa 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,18 @@ PHP                                                                        NEWS
   . Reset global pointers to prevent use-after-free in zend_jit_status().
     (Florian Engelhardt)
 
+- PDO:
+  . Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)
+    (Jakub Zelenka)
+
+- Standard:
+  . Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()).
+    (ndossche)
+  . Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()).
+    (CVE-2025-14178) (ndossche)
+  . Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize).
+    (CVE-2025-14177) (ndossche)
+
 03 Jul 2025, PHP 8.1.33
 
 - PGSQL: