diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes
index d654d97..aba51d1 100644
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@@ -1,7 +1,26 @@
 -------------------------------------------------------------------
 Tue Mar  7 15:08:23 UTC 2017 - wr@rosenauer.org
 
-- update to Thunderbird 45.8.0
+- update to Thunderbird 45.8.0 (boo#1028391)
+  * MFSA 2017-07
+    CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
+                   (bmo#1334933)
+    CVE-2017-5401: Memory Corruption when handling ErrorResult
+                   (bmo#1328861)
+    CVE-2017-5402: Use-after-free working with events in FontFace
+                   objects (bmo#1334876)
+    CVE-2017-5404: Use-after-free working with ranges in selections
+                   (bmo#1340138)
+    CVE-2017-5407: Pixel and history stealing via floating-point
+                   timing side channel with SVG filters (bmo#1336622)
+    CVE-2017-5410: Memory corruption during JavaScript garbage
+                   collection incremental sweeping (bmo#1330687)
+    CVE-2017-5408: Cross-origin reading of video captions in violation
+                   of CORS (bmo#1313711)
+    CVE-2017-5405: FTP response codes can cause use of
+                   uninitialized values for ports (bmo#1336699)
+    CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
+                   Firefox ESR 45.8
 
 -------------------------------------------------------------------
 Thu Feb  9 07:49:54 UTC 2017 - wr@rosenauer.org