diff --git a/Misc/NEWS b/Misc/NEWS
index 88ef91ead0a..935b0672c54 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -15,14 +15,14 @@ Core and Builtins
   service attacks due to hash collisions within the dict and set types.  Patch
   by David Malcolm, based on work by Victor Stinner.
 
+Library
+-------
+
 - Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
   table internal to the pyexpat module's copy of the expat library to avoid a
   denial of service due to hash collisions.  Patch by David Malcolm with some
   modifications by the expat project.
 
-Library
--------
-
 - Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
   SimpleXMLRPCServer upon malformed POST request.