From 4608e271ccf164e37f3b5dd67185f33459a5ce57 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sun, 18 Aug 2013 14:45:19 -0700 Subject: [PATCH] add CVE for session fixation - CVE-2011-4718 --- ChangeLog-5.php | 2 +- archive/entries/2013-08-16-1.xml | 2 +- releases/5_5_2.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog-5.php b/ChangeLog-5.php index a1007b212..6d87f94cf 100644 --- a/ChangeLog-5.php +++ b/ChangeLog-5.php @@ -53,7 +53,7 @@ function peclbugl($number) { echo "
  • Sessions:
      -
    • Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions) which protects against session fixation attacks and session collisions.
    • +
    • Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions) which protects against session fixation attacks and session collisions (CVE-2011-4718).
    • Fixed possible buffer overflow under Windows. Note: Not a security fix.
    • Changed session.auto_start to PHP_INI_PERDIR.
  • diff --git a/archive/entries/2013-08-16-1.xml b/archive/entries/2013-08-16-1.xml index 0f084c02f..809f2f9ca 100644 --- a/archive/entries/2013-08-16-1.xml +++ b/archive/entries/2013-08-16-1.xml @@ -11,7 +11,7 @@

    The PHP development team announces the immediate availability of PHP - 5.5.2. About 20 bugs were fixed, including security issue in OpenSSL module (CVE-2013-4248). + 5.5.2. About 20 bugs were fixed, including security issue in OpenSSL module (CVE-2013-4248) and session fixation problem (CVE-2011-4718). All users of PHP are encouraged to upgrade to this release.

    For source downloads of PHP 5.5.2 please visit our downloads page, diff --git a/releases/5_5_2.php b/releases/5_5_2.php index 8c14e59e5..b59b0c3db 100644 --- a/releases/5_5_2.php +++ b/releases/5_5_2.php @@ -8,7 +8,7 @@ site_header("PHP 5.5.2 Release Announcement");

    PHP 5.5.2 Release Announcement

    The PHP development team announces the immediate availability of PHP -5.5.2. About 20 bugs were fixed, including security issue in OpenSSL module (CVE-2013-4248). +5.5.2. About 20 bugs were fixed, including security issue in OpenSSL module (CVE-2013-4248) and session fixation problem (CVE-2011-4718). All users of PHP are encouraged to upgrade to this release.

    For source downloads of PHP 5.5.2 please visit our downloads page,
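Review bot: In the ChangeLog-5.php hunk, the added "(CVE-2011-4718)" sits at the end of the sentence, after "session collisions", so it reads as covering both session fixation and session collisions, while the commit subject assigns the CVE to session fixation only. Consider moving the identifier next to the phrase it belongs to, for example "protects against session fixation attacks (CVE-2011-4718) and session collisions".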
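Review bot: In the archive/entries/2013-08-16-1.xml hunk, the new clause files the session fixation problem under "About 20 bugs were fixed", whereas the ChangeLog entry touched by this same patch describes the change as "Implemented strict sessions RFC". The two descriptions should agree; naming strict sessions in the announcement would let a reader match it to the ChangeLog line. The sentence also drops its articles and would read better as "a security issue in OpenSSL module (CVE-2013-4248) and a session fixation problem (CVE-2011-4718)".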
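Review bot: The sentence changed in the releases/5_5_2.php hunk is a second hand-edited copy of the one in archive/entries/2013-08-16-1.xml, so any later wording fix has to be applied in both places. The two copies match in this patch; a short comment in one file pointing at the other would help keep them in sync. Unlike the ChangeLog entry, which carries the RFC URL, the announcement gives the reader no pointer for CVE-2011-4718, and adding the RFC link or a CVE link here would make the notice actionable on its own.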