diff --git a/NEWS b/NEWS
index 1191d932b6f..8a2de0f7d2a 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,14 @@ PHP                                                                        NEWS
 - CLI:
   . Fixed bug GH-9709 (Null pointer dereference with -w/-s options). (Adam Saponara)
 
+- GD:
+  . Fixed bug #81739: OOB read due to insufficient input validation in
+    imageloadfont(). (CVE-2022-31630) (cmb)
+
+- Hash:
+  . Fixed bug #81738: buffer overflow in hash_update() on long parameter. 
+    (CVE-2022-37454) (nicky at mouha dot be)
+
 - Core:
   . Fixed bug GH-9752 (Generator crashes when interrupted during argument
     evaluation with extra named params). (Arnaud)