Update NEWS file

ericmann · ericmann · commit 9df068821b7c · 2024-04-09T13:49:09.000-07:00
diff --git a/NEWS b/NEWS
@@ -57,6 +57,14 @@ PHP                                                                        NEWS
     (SakiTakamachi)
   . Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
     (divinity76)
+  . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
+    parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
+  . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
+    partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
+  . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
+    opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
+    Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some
+    inputs). (CVE-2024-2757) (Alex Dowad)
 
 14 Mar 2024, PHP 8.3.4
 
