diff --git a/qutebrowser.changes b/qutebrowser.changes
index 0652a5a..4f75c80 100644
--- a/qutebrowser.changes
+++ b/qutebrowser.changes
@@ -4,7 +4,7 @@ Wed Jul 11 17:46:59 UTC 2018 - 9+suse@cirno.systems
 - Update to version 1.4.1:
   Security:
     * CVE-2018-10895: Fix CSRF issue on the qute://settings page,
-      leading to possible arbitrary code execution.
+      leading to possible arbitrary code execution (boo#1100968).
       See the related GitHub issue for details:
       https://github.com/qutebrowser/qutebrowser/issues/4060
   Fixed:
@@ -123,7 +123,8 @@ Tue Jul  3 16:29:33 UTC 2018 - 9+suse@cirno.systems
     * Various subtle keyboard focus issues.
     * The security fix in v1.3.3 caused URLs with ampersands
       (www.example.com?one=1&two=2) to send the wrong arguments
-      when clicked on the qute://history page.
+      when clicked on the qute://history page (boo#1100968,
+      CVE-2018-1000559).
     * Crash when opening a PDF page with PDF.js enabled
       (on QtWebKit), but no PDF.js installed.
     * Crash when closing a tab shortly after opening it.