From 8a3145fee280134cd4466d99f0cbd897695aec99 Mon Sep 17 00:00:00 2001
From: Lior Kaplan <kaplanlior@gmail.com>
Date: Wed, 25 Jan 2017 01:43:33 +0200
Subject: [PATCH] Add CVE ID to bugs #73825 (PHP 5.6.30, 7.0.15 and 7.1.1) and
 #73831 (PHP 7.0.15 and 7.1.1)

---
 ChangeLog-5.php | 2 +-
 ChangeLog-7.php | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/ChangeLog-5.php b/ChangeLog-5.php
index 871196951..44f2910b5 100644
--- a/ChangeLog-5.php
+++ b/ChangeLog-5.php
@@ -38,7 +38,7 @@ site_header("PHP 5 ChangeLog", array("current" => "docs", "css" => array("change
 <li>Standard:
 <ul>
   <li><?php bugfix(70213); ?> (Unserialize context shared on double class lookup).</li>
-  <li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()).</li>
+  <li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-10161)</li>
 </ul></li>
 </ul>
 <!-- }}} --></section>
diff --git a/ChangeLog-7.php b/ChangeLog-7.php
index 4d6ffc3e7..6912a55e6 100644
--- a/ChangeLog-7.php
+++ b/ChangeLog-7.php
@@ -16,8 +16,8 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
   <li><?php bugfix(73663); ?> ("Invalid opcode 65/16/8" occurs with a variable created with list()).</li>
   <li><?php bugfix(73585); ?> (Logging of "Internal Zend error - Missing class information" missing class name).</li>
   <li><?php bugfix(73753); ?> (unserialized array pointer not advancing).</li>
-  <li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()).</li>
-  <li><?php bugfix(73831); ?> (NULL Pointer Dereference while unserialize php object).</li>
+  <li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-10161)</li>
+  <li><?php bugfix(73831); ?> (NULL Pointer Dereference while unserialize php object). (CVE-2016-10162)</li>
   <li><?php bugfix(73832); ?> (Use of uninitialized memory in unserialize()).</li>
   <li><?php bugfix(73092); ?> (Unserialize use-after-free when resizing object's properties hash table).</li>
   <li><?php bugfix(69425); ?> (Use After Free in unserialize()).</li>
@@ -114,8 +114,8 @@ site_header("PHP 7 ChangeLog", array("current" => "docs", "css" => array("change
 		<li><?php bugfix(73727); ?> (ZEND_MM_BITSET_LEN is "undefined symbol" in zend_bitset.h).</li>
 		<li><?php bugfix(73753); ?> (unserialized array pointer not advancing).</li>
 		<li><?php bugfix(73783); ?> (SIG_IGN doesn't work when Zend Signals is enabled).</li>
-		<li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()).</li>
-		<li><?php bugfix(73831); ?> (NULL Pointer Dereference while unserialize php object).</li>
+		<li><?php bugfix(73825); ?> (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-10161)</li>
+		<li><?php bugfix(73831); ?> (NULL Pointer Dereference while unserialize php object). (CVE-2016-10162)</li>
 		<li><?php bugfix(73832); ?> (Use of uninitialized memory in unserialize()).</li>
 	</ul>
 	</li>