diff --git a/ceph-test.changes b/ceph-test.changes
index 92ee562..7a2c074 100644
--- a/ceph-test.changes
+++ b/ceph-test.changes
@@ -8,7 +8,7 @@ Fri May 14 10:20:23 UTC 2021 - Nathan Cutler <ncutler@suse.com>
     * mgr/dashboard: fix cookie injection issue (CVE-2021-3509)
     * mgr/dashboard: fix set-ssl-certificate{,-key} commands
     * rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531)
-    * rgw: sanitize \r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524)
+    * (bsc#1185619) rgw: sanitize \r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524)
     * systemd: remove ProtectClock=true for ceph-osd@.service
 
 -------------------------------------------------------------------
diff --git a/ceph.changes b/ceph.changes
index 92ee562..7a2c074 100644
--- a/ceph.changes
+++ b/ceph.changes
@@ -8,7 +8,7 @@ Fri May 14 10:20:23 UTC 2021 - Nathan Cutler <ncutler@suse.com>
     * mgr/dashboard: fix cookie injection issue (CVE-2021-3509)
     * mgr/dashboard: fix set-ssl-certificate{,-key} commands
     * rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531)
-    * rgw: sanitize \r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524)
+    * (bsc#1185619) rgw: sanitize \r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524)
     * systemd: remove ProtectClock=true for ceph-osd@.service
 
 -------------------------------------------------------------------