diff --git a/busybox.changes b/busybox.changes
index 9c0d4d7..7a46756 100644
--- a/busybox.changes
+++ b/busybox.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Oct 17 17:26:27 UTC 2022 - Radoslav Kolev <radoslav.kolev@suse.com>
+
+- Annotate CVEs already fixed in upstream, but not mentioned in .changes:
+  * CVE-2014-9645 (bsc#914660):  strips of / in module names that can lead to loading unwanted modules 
+
 -------------------------------------------------------------------
 Thu Jun 30 08:30:05 UTC 2022 - Ludwig Nussel <lnussel@suse.de>