Commit c48a9f42d33 for php.net

commit c48a9f42d336dc22e72141775022f4588ab4b2dd
Author: Jakub Zelenka <bukka@php.net>
Date:   Fri Dec 12 13:49:02 2025 +0100

    Update NEWS with info about security issues

diff --git a/NEWS b/NEWS
index 998b5d97d63..6ac638073fa 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,18 @@ PHP                                                                        NEWS
   . Reset global pointers to prevent use-after-free in zend_jit_status().
     (Florian Engelhardt)

+- PDO:
+  . Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)
+    (Jakub Zelenka)
+
+- Standard:
+  . Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()).
+    (ndossche)
+  . Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()).
+    (CVE-2025-14178) (ndossche)
+  . Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize).
+    (CVE-2025-14177) (ndossche)
+
 03 Jul 2025, PHP 8.1.33

 - PGSQL: