diff --git a/NEWS b/NEWS
index 05b398ecd6..6b34b13457 100644
--- a/NEWS
+++ b/NEWS
@@ -26,8 +26,9 @@ Version 2.21
 * CVE-2012-3406 printf-style functions could run into a stack overflow when
   processing format strings with a large number of format specifiers.
 
-* The nss_dns implementation of getnetbyname could run into an infinite loop
-  if the DNS response contained a PTR record of an unexpected format.
+* CVE-2014-9402 The nss_dns implementation of getnetbyname could run into an
+  infinite loop if the DNS response contained a PTR record of an unexpected
+  format.
 
 * The minimum GCC version that can be used to build this version of the GNU
   C Library is GCC 4.6.  Older GCC versions, and non-GNU compilers, can