Prepare NEWS for 7.4.21

derickr · derickr · commit 3fb79c2b6e8e · 2021-06-29T16:15:22.000+01:00
diff --git a/NEWS b/NEWS
@@ -1,6 +1,6 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-17 Jun 2021, PHP 7.4.21RC1
+?? ??? 2021, PHP 7.4.21
 
 - Core:
   . Fixed bug #81068 (Double free in realpath_cache_clean()). (Dimitry Andric)
@@ -9,6 +9,8 @@ PHP                                                                        NEWS
     (Nikita)
   . Fixed bug #81070 (Integer underflow in memory limit comparison).
     (Peter van Dommelen)
+  . Fixed bug #81122 (SSRF bypass in FILTER_VALIDATE_URL).
+    (CVE-2021-21705) (cmb)
 
 - Bzip2:
   . Fixed bug #81092 (fflush before stream_filter_remove corrupts stream).
@@ -18,6 +20,16 @@ PHP                                                                        NEWS
   . Fixed bug #76694 (native Windows cert verification uses CN as sever name).
     (cmb)
 
+- PDO_Firebird:
+  . Fixed bug #76448 (Stack buffer overflow in firebird_info_cb).
+    (CVE-2021-21704) (cmb)
+  . Fixed bug #76449 (SIGSEGV in firebird_handle_doer).
+    (CVE-2021-21704) (cmb)
+  . Fixed bug #76450 (SIGSEGV in firebird_stmt_execute).
+    (CVE-2021-21704) (cmb)
+  . Fixed bug #76452 (Crash while parsing blob data in firebird_fetch_blob).
+    (CVE-2021-21704) (cmb)
+
 - Standard:
   . Fixed bug #81048 (phpinfo(INFO_VARIABLES) "Array to string conversion").
     (cmb)
