diff --git a/Misc/NEWS b/Misc/NEWS
index c5d7e65bcb1..fd04cd11198 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -47,6 +47,10 @@ Library
 - Issue #23365: Fixed possible integer overflow in
   itertools.combinations_with_replacement.
 
+- Issue #21529 (CVE-2014-4616): Fix arbitrary memory access in
+  JSONDecoder.raw_decode with a negative second parameter. Bug reported by Guido
+  Vranken.
+
 C API
 -----
 
@@ -97,9 +101,6 @@ Library
 - Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths
   before checking for a CGI script at that path.
 
-- Fix arbitrary memory access in JSONDecoder.raw_decode with a negative second
-  parameter. Bug reported by Guido Vranken.
-
 - Issue #20633: Replace relative import by absolute import.
 
 - Issue #21082: In os.makedirs, do not set the process-wide umask. Note this