diff --git a/python314.changes b/python314.changes
index 9d74d04..b6a555a 100644
--- a/python314.changes
+++ b/python314.changes
@@ -12,12 +12,14 @@ Sat Jun 21 22:30:08 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
     - gh-135462: Fix quadratic complexity in processing specially
       crafted input in html.parser.HTMLParser. End-of-file errors
       are now handled according to the HTML5 specs – comments and
-      declarations are automatically closed, tags are ignored.
+      declarations are automatically closed, tags are ignored
+      (bsc#1244705, CVE-2025-6069).
     - gh-135034: Fixes multiple issues that allowed tarfile
       extraction filters (filter="data" and filter="tar") to be
-      bypassed using crafted symlinks and hard links.
-      Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and
-      CVE 2025-4517.
+      bypassed using crafted symlinks and hard links.  Addresses
+      CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and CVE
+      2025-4517. Also addresses CVE-2025-4435 (gh#135034,
+      bsc#1244061).
   - Library
     - gh-65697: configparser’s error message when attempting to
       write an invalid key is now more helpful.