diff --git a/ceph-test.changes b/ceph-test.changes
index 7a2c074..b5a8435 100644
--- a/ceph-test.changes
+++ b/ceph-test.changes
@@ -5,7 +5,7 @@ Fri May 14 10:20:23 UTC 2021 - Nathan Cutler <ncutler@suse.com>
   + rebased on top of v16.2.4 tag
     https://ceph.io/releases/v16-2-4-pacific-released/
     * mgr/dashboard: fix base-href: revert it to previous approach
-    * mgr/dashboard: fix cookie injection issue (CVE-2021-3509)
+    * (bsc#1186021) mgr/dashboard: fix cookie injection issue (CVE-2021-3509)
     * mgr/dashboard: fix set-ssl-certificate{,-key} commands
     * rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531)
     * (bsc#1185619) rgw: sanitize \r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524)
diff --git a/ceph.changes b/ceph.changes
index 7a2c074..b5a8435 100644
--- a/ceph.changes
+++ b/ceph.changes
@@ -5,7 +5,7 @@ Fri May 14 10:20:23 UTC 2021 - Nathan Cutler <ncutler@suse.com>
   + rebased on top of v16.2.4 tag
     https://ceph.io/releases/v16-2-4-pacific-released/
     * mgr/dashboard: fix base-href: revert it to previous approach
-    * mgr/dashboard: fix cookie injection issue (CVE-2021-3509)
+    * (bsc#1186021) mgr/dashboard: fix cookie injection issue (CVE-2021-3509)
     * mgr/dashboard: fix set-ssl-certificate{,-key} commands
     * rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531)
     * (bsc#1185619) rgw: sanitize \r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524)