diff --git a/NEWS b/NEWS
index d7104a363ee..6a56ddf70fb 100644
--- a/NEWS
+++ b/NEWS
@@ -8,7 +8,6 @@ PHP                                                                        NEWS
   . Fixed bug #67626 (User exceptions not properly handled in streams). 
     (Julian)
   . Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
-  . Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)
   . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
     configuration options). (Anatol Belski)
   . Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)
@@ -56,7 +55,8 @@ PHP                                                                        NEWS
   . Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
   . Fixed bug #69141 (Missing arguments in reflection info for some builtin
     functions). (kostyantyn dot lysyy at oracle dot com)
-  . Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)
+  . Fixed bug #68976 (Use After Free Vulnerability in unserialize()).
+    (CVE-2015-0231) (Stas)
   . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
     configuration options). (Anatol Belski)
   . Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)