update NEWS

NEWS

@@ -1,13 +1,42 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? 2015 PHP 5.4.40
+16 Apr 2015 PHP 5.4.40
+
+- Apache2handler:
+  . Fixed bug #69218 (potential remote code execution with apache 2.4
+    apache2handler). (Gerrit Venema)
+
+- Core:
+  . Additional fix for bug #69152 (Type confusion vulnerability in
+    exception::getTraceAsString). (Stas)
+  . Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
+    vulnerability). (Stas)
+  . Fixed bug #69353 (Missing null byte checks for paths in various PHP
+    extensions). (Stas)
+
+- cURL:
+  . Fixed bug #69316 (Use-after-free in php_curl related to
+    CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
 
 - Ereg:
   . Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
 
+- Fileinfo:
+  . Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
+    segfault). (Anatol Belski)
+
 - GD:
   . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Remi)
 
+- Phar:
+  . Fixed bug #68901 (use after free). (bugreports at internot dot info)
+  . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
+  . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
+    phar_set_inode). (Stas)
+
+- Postgres:
+  . Fixed bug #68741 (Null pointer deference) (CVE-2015-1352). (Xinchen Hui)
+
 - SOAP:
   . Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize()
     with SoapFault). (Dmitry)
@@ -15,12 +44,6 @@ PHP                                                                        NEWS
 - Sqlite3:
   . Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)
 
-- Phar:
-  . Fixed bug #68901 (use after free). (bugreports at internot dot info)
-
-- Postgres:
-  . Fixed bug #68741 (Null pointer deference) (CVE-2015-1352). (Xinchen Hui)
-
 19 Mar 2015 PHP 5.4.39
 
 - Core: