diff --git a/python314.changes b/python314.changes index b5d1c54..5a27233 100644 --- a/python314.changes +++ b/python314.changes @@ -1,17 +1,15 @@ ------------------------------------------------------------------- Thu Feb 5 17:26:23 UTC 2026 - Matej Cepl -- Add CVE-2025-12781-b64decode-alt-chars.patch fixing bsc#1257108 - (CVE-2025-12781) combining gh#python/cpython!141061, - gh#python/cpython!141128, and gh#python/cpython!141153. All - `*b64decode` functions should not accept non-altchars. -- Add CVE-2025-15366-imap-ctrl-chars.patch fixing bsc#1257044 - (CVE-2025-15366, gh-143921) using gh#python/cpython!143922 and - doing basically the same as the previous patch for IMAP - protocol. -- Add CVE-2025-15367-poplib-ctrl-chars.patch fixing bsc#1257041 - (CVE-2025-15367) using gh#python/cpython!143924 and doing - basically the same as the previous patch for poplib library. +- CVE-2025-12781: All `*b64decode` functions should not accept + non-altchars. (bsc#1257108, gh#python/cpython#125346) + CVE-2025-12781-b64decode-alt-chars.patch +- CVE-2025-15366: IMAP protocol should not accept non-altchars as + well. (bsc#1257044, gh-143921) + CVE-2025-15366-imap-ctrl-chars.patch +- CVE-2025-15367: basically the same as the previous patch but for + the poplib library. (bsc#1257041, gh#python/cpython#143923) + CVE-2025-15367-poplib-ctrl-chars.patch ------------------------------------------------------------------- Thu Feb 5 12:57:09 UTC 2026 - Matej Cepl 
@@ -43,21 +41,22 @@ Thu Feb 5 12:57:09 UTC 2026 - Matej Cepl (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650). - - gh-143935: Fixed a bug in the folding of comments when + - CVE-2025-11468: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with - carefully crafted inputs (bsc#1257029, CVE-2025-11468). - - gh-143925: Reject control characters in data: URL media - types (bsc#1257046, CVE-2025-15282). - - gh-143919: Reject control characters in http.cookies.Morsel - fields and values (bsc#1257031, CVE-2026-0672). - - gh-143916: Reject C0 control characters within + carefully crafted inputs (bsc#1257029, gh-143935). + - CVE-2025-15282: Reject control characters in data: URL + media types (bsc#1257046, gh-143925). + - CVE-2026-0672: Reject control characters in + http.cookies.Morsel fields and values (bsc#1257031, + gh-143919). + - CVE-2026-0865: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters - (bsc#1257042, CVE-2026-0865). + (bsc#1257042, gh-143916). - Library - gh-144380: Improve performance of io.BufferedReader line iteration by ~49%.
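Review bot: In the first hunk (python314.changes, entry of Thu Feb 5 17:26:23), the new CVE-2025-15366 line says "IMAP protocol should not accept non-altchars as well", which carries the base64 wording over to a patch whose file name is CVE-2025-15366-imap-ctrl-chars.patch. Going by that file name and by CVE-2025-15367-poplib-ctrl-chars.patch, the IMAP and poplib entries are about control characters, so the IMAP entry should say so in its own words. The poplib entry, which now reads "basically the same as the previous patch", then inherits the corrected meaning. The rewrite also drops the upstream pull request references that the removed lines carried (gh#python/cpython!141061, !141128 and !141153 for the base64 fix, !143922 for IMAP, !143924 for poplib). If they are no longer wanted in the changelog, it would help to record them in the patch headers so the backport source stays traceable. The reference style is also mixed within the entry: "gh#python/cpython#125346" and "gh#python/cpython#143923" next to a bare "gh-143921". Please pick one form.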
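Review bot: In the second hunk (entry of Thu Feb 5 12:57:09), moving the CVE id to the front of four items leaves the list with two different lead-in styles, since the unchanged context still has items keyed by upstream issue ("gh-144380: Improve performance of io.BufferedReader line iteration" and "(Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650)"). If the aim is to make the CVE ids easy to find, consider keeping the "gh-NNNNNN:" prefix that the rest of the list uses and leaving the CVE id in the trailing parentheses as before, or state the new convention in the entry so later edits follow it. The CVE, bsc and gh numbers are paired the same way before and after the change for all four items, so no reference is lost here.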