Update NEWS

smalyshev · Gabriel Caruso · commit b7cbb6c53f93 · 2022-10-25T10:59:05.000+02:00
diff --git a/NEWS b/NEWS
@@ -2,9 +2,16 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.0.26
 
+- Hash:
+  . Fixed bug #81738: buffer overflow in hash_update() on long parameter. 
+    (CVE-2022-37454) (nicky at mouha dot be)
 
 13 Oct 2022, PHP 8.0.25RC1
 
+- GD:
+  . Fixed bug #81739: OOB read due to insufficient input validation in
+    imageloadfont(). (CVE-2022-31630) (cmb)
+
 - Session:
   . Fixed bug GH-9583 (session_create_id() fails with user defined save handler
     that doesn't have a validateId() method). (Girgias)
