diff --git a/runc.changes b/runc.changes
index b38f8d9..8311113 100644
--- a/runc.changes
+++ b/runc.changes
@@ -1,4 +1,14 @@
 -------------------------------------------------------------------
+Wed Dec 19 19:55:11 UTC 2018 - clee@suse.com
+
+- Update go requirements to >= go1.10 to fix
+  * bsc#1118897 CVE-2018-16873
+    go#29230 cmd/go: remote command execution during "go get -u"
+  * bsc#1118898 CVE-2018-16874
+    go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
+  * bsc#1118899 CVE-2018-16875
+    go#29233 crypto/x509: CPU denial of service 
+-------------------------------------------------------------------
 Thu Dec 13 04:34:25 UTC 2018 - dorf@suse.com
 
 - Require golang = 1.10.