NEWS.md : Fix the mentioned of the PR in CVE-2024-35176. (#253)

I think the mentioned of CVE-2024-35176 in NEWS.md is incorrect.

```
- Improved parse performance when an attribute has many <s.
  - GH-126
```

#126 looks like fixes the issue with attribute value that contains
multiple '>' characters.

Author: naitoh

NEWS.md

@@ -386,7 +386,7 @@
 
     * Patch by NAITOH Jun.
 
-  * Improved parse performance when an attribute has many `<`s.
+  * Improved parse performance when an attribute has many `>`s.
 
     * GH-126