diff --git a/python-urllib3.changes b/python-urllib3.changes
index ca0a1a5..68c7bc5 100644
--- a/python-urllib3.changes
+++ b/python-urllib3.changes
@@ -73,7 +73,7 @@ Tue Apr 23 10:27:36 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
 -------------------------------------------------------------------
 Tue Apr 23 04:04:50 UTC 2019 - Thomas Bechtold <tbechtold@suse.com>
 
-- update to 1.25 (bsc#1132663, CVE-2019-11236):
+- update to 1.25 (bsc#1132663, CVE-2019-9740, CVE-2019-11236):
   * Require and validate certificates by default when using HTTPS
   * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant.
   * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
@@ -94,7 +94,7 @@ Tue Apr 23 04:04:50 UTC 2019 - Thomas Bechtold <tbechtold@suse.com>
 -------------------------------------------------------------------
 Thu Apr 18 00:02:07 CEST 2019 - Matej Cepl <mcepl@suse.com>
 
-- Update to 1.24.2:
+- Update to 1.24.2 (bsc#1132900, CVE-2019-11324):
   - Implemented a more efficient HTTPResponse.__iter__() method.
     (Issue #1483)
   - Upgraded urllib3.utils.parse_url() to be RFC 3986 compliant.
@@ -179,7 +179,7 @@ Wed Jul 18 09:19:49 UTC 2018 - tchvatal@suse.com
 -------------------------------------------------------------------
 Sun Jul 15 22:30:26 UTC 2018 - mimi.vx@gmail.com
 
-- update to 1.23
+- update to 1.23 (bsc#1119376, CVE-2018-20060)
 - add 1414.patch - fix tests with new tornado
 - refresh python-urllib3-recent-date.patch
 - drop urllib3-test-no-coverage.patch