[ci skip] Update NEWS

Author: smalyshev

NEWS

@@ -73,6 +73,8 @@ PHP                                                                        NEWS
   . Fixed bug #76813 (Access violation near NULL on source operand). (cmb)
 
 - Standard:
+  . Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). 
+    (CVE-2020-7071) (cmb)
   . Fixed bug #80366 (Return Value of zend_fstat() not Checked). (sagpant, cmb)
   . Fixed bug #80411 (References to null-serialized object break serialize()).
     (Nikita)