Update NEWS with info about security issues

bukka · bukka · commit c48a9f42d336 · 2025-12-16T15:26:59.000+01:00
diff --git a/NEWS b/NEWS
@@ -10,6 +10,18 @@ PHP                                                                        NEWS
   . Reset global pointers to prevent use-after-free in zend_jit_status().
     (Florian Engelhardt)
 
+- PDO:
+  . Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)
+    (Jakub Zelenka)
+
+- Standard:
+  . Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()).
+    (ndossche)
+  . Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()).
+    (CVE-2025-14178) (ndossche)
+  . Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize).
+    (CVE-2025-14177) (ndossche)
+
 03 Jul 2025, PHP 8.1.33
 
 - PGSQL:
