1 files changed, 8 insertions, 10 deletions

diff --git a/NEWS b/NEWS
index 9c22f96c1d..b56bb2134f 100644
--- a/NEWS
+++ b/NEWS
@@ -29,16 +29,6 @@ PHP                                                                        NEWS
   . Fixed bug #79257 (Duplicate named groups (?J) prefer last alternative even
     if not matched). (Nikita)
 
-- Phar:
-  . Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have
-    all-access permissions). (CVE-2020-7063) (stas)
-  . Fixed bug #79171 (heap-buffer-overflow in phar_extract_file).
-    (CVE-	2020-7061) (cmb)
-
-- Session:
-  . Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress).
-    (CVE-2020-7062) (stas)
-
 - Standard:
   . Fixed bug #79254 (getenv() w/o arguments not showing changes). (cmb)
 
@@ -97,12 +87,20 @@ PHP                                                                        NEWS
   . Fixed bug #79145 (openssl memory leak). (cmb, Nikita)
 
 - Phar:
+  . Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have
+    all-access permissions). (CVE-2020-7063) (stas)
+  . Fixed bug #79171 (heap-buffer-overflow in phar_extract_file).
+    (CVE-	2020-7061) (cmb)
   . Fixed bug #76584 (PharFileInfo::decompress not working). (cmb)
 
 - Reflection:
   . Fixed bug #79115 (ReflectionClass::isCloneable call reflected class
     __destruct). (Nikita)
 
+- Session:
+  . Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress).
+    (CVE-2020-7062) (stas)
+
 - Standard:
   . Fixed bug #78902 (Memory leak when using stream_filter_append). (liudaixiao)
   . Fixed bug #78969 (PASSWORD_DEFAULT should match PASSWORD_BCRYPT instead of being null). (kocsismate)