Commit 735748f5d72 for php.net

commit 735748f5d72cb835c46f785eee2fc32fe5a1dccf
Author: Remi Collet <remi@php.net>
Date:   Wed Jul 8 09:02:00 2026 +0200

    [ci skip] add CVE ref

diff --git a/NEWS b/NEWS
index 2f00f144fbb..e6178c04c98 100644
--- a/NEWS
+++ b/NEWS
@@ -140,7 +140,7 @@ PHP                                                                        NEWS

 - OpenSSL:
   . Fixed bug GH-22187 (Memory corruption (zend_mm_heap corrupted) in
-    openssl_encrypt with AES-WRAP-PAD). (David Carlier)
+    openssl_encrypt with AES-WRAP-PAD). (CVE-2026-14355) (David Carlier)

 - Phar:
   . Fixed a bypass of the magic ".phar" directory protection in
@@ -327,7 +327,7 @@ PHP                                                                        NEWS

 - Streams:
   . Fixed bug GH-21468 (Segfault in file_get_contents w/ a https URL
-    and a proxy set). (ndossche)
+    and a proxy set). (CVE-2026-12184) (ndossche)

 - URI:
   . Fixed CVE-2026-42371 (uriparser before 1.0.1 has numeric truncation in