NEWS for 8.1.31 backports

remicollet · remicollet · commit b97a41a47f77 · 2024-11-22T15:33:27.000+01:00
(cherry picked from commit 22bdb43) (cherry picked from commit d8d682d)
diff --git a/NEWS b/NEWS
@@ -1,6 +1,30 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 
+Backported from 8.1.31
+
+- CLI:
+  . Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data
+    Processing in CLI SAPI Interface). (nielsdos)
+
+- LDAP:
+  . Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932)
+    (nielsdos)
+
+- PDO DBLIB:
+  . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing
+    OOB writes). (CVE-2024-11236) (nielsdos)
+
+- PDO Firebird:
+  . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter
+    causing OOB writes). (CVE-2024-11236) (nielsdos)
+
+- Streams:
+  . Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context
+    might allow for CRLF injection in URIs). (CVE-2024-11234) (Jakub Zelenka)
+  . Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with
+    convert.quoted-printable-decode filter). (CVE-2024-11233) (nielsdos)
+
 Backported from 8.1.30
 
 - CGI:
