Commit 735748f5d72 for php.net
commit 735748f5d72cb835c46f785eee2fc32fe5a1dccf
Author: Remi Collet <remi@php.net>
Date: Wed Jul 8 09:02:00 2026 +0200
[ci skip] add CVE ref
diff --git a/NEWS b/NEWS
index 2f00f144fbb..e6178c04c98 100644
--- a/NEWS
+++ b/NEWS
@@ -140,7 +140,7 @@ PHP NEWS
- OpenSSL:
. Fixed bug GH-22187 (Memory corruption (zend_mm_heap corrupted) in
- openssl_encrypt with AES-WRAP-PAD). (David Carlier)
+ openssl_encrypt with AES-WRAP-PAD). (CVE-2026-14355) (David Carlier)
- Phar:
. Fixed a bypass of the magic ".phar" directory protection in
@@ -327,7 +327,7 @@ PHP NEWS
- Streams:
. Fixed bug GH-21468 (Segfault in file_get_contents w/ a https URL
- and a proxy set). (ndossche)
+ and a proxy set). (CVE-2026-12184) (ndossche)
- URI:
. Fixed CVE-2026-42371 (uriparser before 1.0.1 has numeric truncation in