From b67fc51859c00e884d96208cc55e076a3aea8f89 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Tue, 21 Jan 2020 11:31:14 +0100
Subject: [PATCH] Update NEWS wrt. sec fixes

---
 NEWS | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/NEWS b/NEWS
index f506b78b4ee..e670c3f999f 100644
--- a/NEWS
+++ b/NEWS
@@ -48,6 +48,10 @@ PHP                                                                        NEWS
 - Libxml:
   . Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter). (Laruence)
 
+- Mbstring:
+  . Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). 
+    (CVE-2020-7060) (Nikita)
+
 - OPcache:
   . Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR). (cmb)
 
@@ -63,10 +67,14 @@ PHP                                                                        NEWS
   . Fixed bug #78982 (pdo_pgsql returns dead persistent connection). (SATŌ
     Kentarō)
 
+- Session:
+  . Fixed bug #79091 (heap use-after-free in session_create_id()). (cmb, Nikita)
+
 - Shmop:
   . Fixed bug #78538 (shmop memory leak). (cmb)
 
 - Standard:
+  . Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059). (cmb)
   . Fixed bug #54298 (Using empty additional_headers adding extraneous CRLF).
     (cmb)