diff --git a/roundcubemail.changes b/roundcubemail.changes index 21d09bf..85673bc 100644 --- a/roundcubemail.changes +++ b/roundcubemail.changes @@ -4,8 +4,10 @@ Sun Feb 8 12:51:32 UTC 2026 - Lars Vogdt - update to 1.6.13 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: - + Fix CSS injection vulnerability reported by CERT Polska. - + Fix remote image blocking bypass via SVG content reported by nullcathedral. + + Fix CSS injection vulnerability reported by CERT Polska (boo#1258052, + CVE-2026-26079). + + Fix remote image blocking bypass via SVG content reported by nullcathedral + (boo#1257909, CVE-2026-25916). This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data @@ -25,9 +27,9 @@ Mon Dec 15 13:38:36 UTC 2025 - Lars Vogdt It provides fixes to recently reported security vulnerabilities: + Fix Cross-Site-Scripting vulnerability via SVG's animate tag - reported by Valentin T., CrowdStrike. + reported by Valentin T., CrowdStrike (boo#1255308, CVE-2025-68461). + Fix Information Disclosure vulnerability in the HTML style - sanitizer reported by somerandomdev. + sanitizer reported by somerandomdev (boo#1255306, CVE-2025-68460). This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it.
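Review bot: In the first hunk (@@ -4,8 +4,10 @@) the bug and CVE references are added by rewriting the existing entry dated "Sun Feb 8 12:51:32 UTC 2026" in place, so the changelog does not record that the identifiers were attached after the entry was written. If that entry has already been submitted or released, consider adding a new dated entry on top that says the references were added to the 1.6.13 notes. Please also confirm both pairings against the bug reports (boo#1258052 with CVE-2026-26079 for the CSS injection, boo#1257909 with CVE-2026-25916 for the SVG remote image blocking bypass), since the diff gives no source for the mapping and anyone auditing patch status by CVE will rely on these lines.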
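Review bot: In the second hunk (@@ -25,9 +27,9 @@) the references are appended to the end of the existing lines ("reported by Valentin T., CrowdStrike (boo#1255308, CVE-2025-68461).", "sanitizer reported by somerandomdev (boo#1255306, CVE-2025-68460)."), while the first hunk wraps them onto continuation lines. Pick one style for both entries and wrap here if the lengthened lines exceed the width used elsewhere in the file. This hunk also amends the older entry under "Mon Dec 15 13:38:36 UTC 2025" without a new changelog entry; if that update has already shipped, note the added references in a new entry rather than only rewriting the old text.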