1 files changed, 27 insertions, 26 deletions

diff --git a/NEWS b/NEWS
index 0041bcf1fa..07ea9c2738 100644
--- a/NEWS
+++ b/NEWS
@@ -1,31 +1,11 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-15 Aug 2013, PHP 5.5.2
-
-- Core:
-  . Fixed bug #62691 (solaris sed has no -i switch). (Chris Jones)
-  . Fixed bug #61345 (CGI mode - make install don't work). (Michael Heimpold)
-  . Fixed bug #61268 (--enable-dtrace leads make to clobber
-    Zend/zend_dtrace.d) (Chris Jones)
-
-- DOM:
-  . Added flags option to DOMDocument::schemaValidate() and 
-    DOMDocument::schemaValidateSource(). Added LIBXML_SCHEMA_CREATE flag. 
-    (Chris Wright)
+22 Aug 2013, PHP 5.5.3
 
-- Sessions:
-  . Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
-    which protects against session fixation attacks and session collisions.    
-    (Yasuo Ohgaki)
-  . Fixed possible buffer overflow under Windows. Note: Not a security fix.
-    (Yasuo)
-  . Changed session.auto_start to PHP_INI_PERDIR. (Yasuo)
-
-- Pgsql:
-  . Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update()
-    /pg_delete()/pg_insert()). (Yasuo)
+- Openssl:
+  . Fixed UMR in fix for CVE-2013-4248.
 
-?? ??? 2013, PHP 5.5.2
+15 Aug 2013, PHP 5.5.2
 
 - Core:
   . Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference
@@ -36,26 +16,47 @@ PHP                                                                        NEWS
   . Fixed bug #65304 (Use of max int in array_sum). (Laruence)
   . Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very
     limited case). (Arpad)
+  . Fixed bug #62691 (solaris sed has no -i switch). (Chris Jones)
+  . Fixed bug #61345 (CGI mode - make install don't work). (Michael Heimpold)
+  . Fixed bug #61268 (--enable-dtrace leads make to clobber
+    Zend/zend_dtrace.d) (Chris Jones)
+
+- DOM:
+  . Added flags option to DOMDocument::schemaValidate() and 
+    DOMDocument::schemaValidateSource(). Added LIBXML_SCHEMA_CREATE flag. 
+    (Chris Wright)
 
 - OPcache:
   . Added opcache.restrict_api configuration directive that may limit
-    usage of OPcahce API functions only to patricular script(s). (Dmitry)
+    usage of OPcache API functions only to particular script(s). (Dmitry)
   . Added support for glob symbols in blacklist entries (?, *, **).
     (Terry Elison, Dmitry)
   . Fixed bug #65338 (Enabling both php_opcache and php_wincache AVs on
     shutdown). (Dmitry)
 
 - Openssl:
-  . Fixed handling null bytes in subjectAltName (CVE-2013-4073).
+  . Fixed handling null bytes in subjectAltName (CVE-2013-4248).
     (Christian Heimes)
 
 - PDO_mysql:
   . Fixed bug #65299 (pdo mysql parsing errors). (Johannes)
 
+- Pgsql:
+  . Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update()
+    /pg_delete()/pg_insert()). (Yasuo)
+
 - Phar:
   . Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for 
     some specific contents). (Stas)
 
+- Sessions:
+  . Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
+    which protects against session fixation attacks and session collisions.    
+    (CVE-2011-4718). (Yasuo Ohgaki)
+  . Fixed possible buffer overflow under Windows. Note: Not a security fix.
+    (Yasuo)
+  . Changed session.auto_start to PHP_INI_PERDIR. (Yasuo)
+
 - SOAP:
   . Fixed bug #65018 (SoapHeader problems with SoapServer). (Dmitry)