update NEWS

Merge branch 'PHP-5.4' into PHP-5.4.44

* PHP-5.4:
Fixed bug #69892
Adjust Git-Rules

Fix bug #70019 - limit extracted files to given directory

Do not do convert_to_* on unserialize, it messes up references

Fix #69793 - limit what we accept when unserializing exception

Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)

Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject

ignore signatures for packages too

Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage

Fixed bug #69892

Adjust Git-Rules

Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes

Improved fix for Bug #69441

Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)

Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)

Fix bug #70081: check types for SOAP variables

5.4.44 next

Better fix for bug #69958

update news

Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)

Fix bug #69923 - Buffer overflow and stack smashing error in phar_fix_filepath

Fix bug #69958 - Segfault in Phar::convertToData on invalid file

add missing second argument for ucfirst to the proto

Merge branch 'pull-request/1350' into PHP-5.4

* pull-request/1350:
Move strlen() check to php_mail_detect_multiple_crlf()
Fixed Bug #69874 : Can't set empty additional_headers fo

Merge branch 'pull-request/1350' into PHP-5.4

* pull-request/1350:
Move strlen() check to php_mail_detect_multiple_crlf()
Fixed Bug #69874 : Can't set empty additional_headers for mail()

show more ...

updated NEWS