diff --git a/NEWS b/NEWS
index cc469dd4d01..948dcdc50db 100644
--- a/NEWS
+++ b/NEWS
@@ -54,7 +54,7 @@ PHP                                                                        NEWS
 - Sessions:
   . Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
     which protects against session fixation attacks and session collisions.    
-    (Yasuo Ohgaki)
+    (CVE-2011-4718). (Yasuo Ohgaki)
   . Fixed possible buffer overflow under Windows. Note: Not a security fix.
     (Yasuo)
   . Changed session.auto_start to PHP_INI_PERDIR. (Yasuo)