diff --git a/NEWS b/NEWS
index 8a2de0f7d2a..51f53327236 100644
--- a/NEWS
+++ b/NEWS
@@ -5,14 +5,6 @@ PHP                                                                        NEWS
 - CLI:
   . Fixed bug GH-9709 (Null pointer dereference with -w/-s options). (Adam Saponara)
 
-- GD:
-  . Fixed bug #81739: OOB read due to insufficient input validation in
-    imageloadfont(). (CVE-2022-31630) (cmb)
-
-- Hash:
-  . Fixed bug #81738: buffer overflow in hash_update() on long parameter. 
-    (CVE-2022-37454) (nicky at mouha dot be)
-
 - Core:
   . Fixed bug GH-9752 (Generator crashes when interrupted during argument
     evaluation with extra named params). (Arnaud)
@@ -39,6 +31,14 @@ PHP                                                                        NEWS
   . Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files).
     (Anatol)
 
+- GD:
+  . Fixed bug #81739: OOB read due to insufficient input validation in
+    imageloadfont(). (CVE-2022-31630) (cmb)
+
+- Hash:
+  . Fixed bug #81738: buffer overflow in hash_update() on long parameter.
+    (CVE-2022-37454) (nicky at mouha dot be)
+
 - MBString:
   - Fixed bug GH-9683 (Problem when ISO-2022-JP-MS is specified in
     mb_ encode_mimeheader). (Alex Dowad)