diff --git a/NEWS b/NEWS
index 6531e35b457..4a0af3c911c 100644
--- a/NEWS
+++ b/NEWS
@@ -117,6 +117,8 @@ PHP                                                                        NEWS
     partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
   . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
     opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
+  . Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some
+    inputs). (CVE-2024-2757) (Alex Dowad)
 
 14 Mar 2024, PHP 8.3.4