Updated NEWS

Author: Julien Pauli

NEWS

@@ -64,13 +64,29 @@ PHP                                                                        NEWS
   . Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
   . Fixed bug #69141 (Missing arguments in reflection info for some builtin
     functions). (kostyantyn dot lysyy at oracle dot com)
+  . Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)
+  . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
+    configuration options). (Anatol Belski)
+  . Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)
+
+- CGI:
+  . Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)
+
+- CLI:
+  . Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)
 
 - cURL:
   . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on
     Win32). (Grant Pannell)
   . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported
     by libcurl. (Linus Unneback)
 
+- Ereg:
+  . Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (Stas)
+
+- FPM:
+  . Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)
+
 - ODBC:
   . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)
 
@@ -101,14 +117,9 @@ PHP                                                                        NEWS
   . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after 
     calling getChildren()). (Julien)
 
-- CGI:
-  . Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)
-
-- CLI:
-  . Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)
-
-- FPM:
-  . Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)
+- ZIP:
+  . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
+    boundary) (CVE-2015-2331). (Stas)
 
 19 Feb 2015, PHP 5.5.22