diff --git a/xmlgraphics-batik.changes b/xmlgraphics-batik.changes
index 008a6b5..21ac244 100644
--- a/xmlgraphics-batik.changes
+++ b/xmlgraphics-batik.changes
@@ -8,9 +8,10 @@ Fri Mar  1 19:02:03 UTC 2024 - Fridrich Strba <fstrba@suse.com>
     (CVE-2022-44729)
 - Upgrade to version 1.16
   * Java 8 or later is minimum runtime required
-  * BATIK-1338: Block loading jar inside svg (CVE-2022-41704)
+  * BATIK-1338: Block loading jar inside svg (CVE-2022-41704,
+    bsc#1204704)
   * BATIK-1345: Restrict what java classes can be run thru rhino
-    (CVE-2022-42890)
+    (CVE-2022-42890, bsc#1204709)
 - Removed patch:
   * xmlgraphics-batik-nosourcetarget.patch
     + not needed since Java 8 compatibility is now the default