diff --git a/ceph-test.changes b/ceph-test.changes
index b5a8435..eaac453 100644
--- a/ceph-test.changes
+++ b/ceph-test.changes
@@ -7,7 +7,7 @@ Fri May 14 10:20:23 UTC 2021 - Nathan Cutler <ncutler@suse.com>
     * mgr/dashboard: fix base-href: revert it to previous approach
     * (bsc#1186021) mgr/dashboard: fix cookie injection issue (CVE-2021-3509)
     * mgr/dashboard: fix set-ssl-certificate{,-key} commands
-    * rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531)
+    * (bsc#1186020) rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531)
     * (bsc#1185619) rgw: sanitize \r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524)
     * systemd: remove ProtectClock=true for ceph-osd@.service
 
diff --git a/ceph.changes b/ceph.changes
index b5a8435..eaac453 100644
--- a/ceph.changes
+++ b/ceph.changes
@@ -7,7 +7,7 @@ Fri May 14 10:20:23 UTC 2021 - Nathan Cutler <ncutler@suse.com>
     * mgr/dashboard: fix base-href: revert it to previous approach
     * (bsc#1186021) mgr/dashboard: fix cookie injection issue (CVE-2021-3509)
     * mgr/dashboard: fix set-ssl-certificate{,-key} commands
-    * rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531)
+    * (bsc#1186020) rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531)
     * (bsc#1185619) rgw: sanitize \r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524)
     * systemd: remove ProtectClock=true for ceph-osd@.service