diff --git a/NEWS b/NEWS
index f8a006a1ecd0c..8478a5ce82cbc 100644
--- a/NEWS
+++ b/NEWS
@@ -23,12 +23,22 @@ PHP                                                                        NEWS
 
 30 May 2019, PHP 7.2.19
 
+- EXIF:
+  . Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
+    (CVE-2019-11040) (Stas)
+
 - FPM:
   . Fixed bug #77934 (php-fpm kill -USR2 not working). (Jakub Zelenka)
   . Fixed bug #77921 (static.php.net doesn't work anymore). (Peter Kokot)
 
 - GD:
   . Fixed bug #77943 (imageantialias($image, false); does not work). (cmb)
+  . Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm).
+    (CVE-2019-11038) (cmb)
+
+- Iconv:
+  . Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
+    due to integer overflow). (CVE-2019-11039). (maris dot adam)
 
 - JSON:
   . Fixed bug #77843 (Use after free with json serializer). (Nikita)
@@ -50,6 +60,9 @@ PHP                                                                        NEWS
   . Fixed bug #77024 (SplFileObject::__toString() may return array). (Craig
     Duncan)
 
+- SQLite:
+  . Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
+
 02 May 2019, PHP 7.2.18
 
 - CLI: