diff --git a/python38.changes b/python38.changes index 8d993bc..44e238b 100644 --- a/python38.changes +++ b/python38.changes @@ -4,7 +4,7 @@ Thu Mar 21 20:29:12 UTC 2024 - Matej Cepl - Update to 3.8.19: - Security - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral - (CVE-2023-52425) by adding five new methods: + (CVE-2023-52425, bsc#1219559) by adding five new methods: xml.etree.ElementTree.XMLParser.flush() xml.etree.ElementTree.XMLPullParser.flush() xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() @@ -26,7 +26,8 @@ Thu Mar 21 20:29:12 UTC 2024 - Matej Cepl socket.if_indextoname() on 64-bit non-Windows platforms. - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now raises BadZipFile when try to read an entry - that overlaps with other entry or central directory. + that overlaps with other entry or central directory + (CVE-2024-0450, bsc#1221854). - gh-107077: Seems that in some conditions, OpenSSL will return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification verification has failed, but @@ -36,7 +37,8 @@ Thu Mar 21 20:29:12 UTC 2024 - Matej Cepl ssl.SSLCertVerificationError. Patch by Pablo Galindo - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, which now no longer dereferences symlinks when working - around file system permission errors. + around file system permission errors (CVE-2023-6597, + bsc#1219666). - Documentation - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML vulnerabilities”.
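Review bot: in the first hunk (the gh-115398 item), attaching bsc#1219559 to this line can read as if the Python update alone resolves CVE-2023-52425. The item's own text says it only allows "controlling Expat >=2.6.0 reparse deferral", and the gh-115399 context line at the end of the patch attributes the CVE to "Expat <2.6.0". Consider wording the reference so it is clear the fix depends on the Expat version in use, or confirm that the bug is meant to track only the five new Python methods.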
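Review bot: in the second hunk (the gh-109858 item), the rewritten line keeps the wording "overlaps with other entry or central directory". Since the line is being touched to add "(CVE-2024-0450, bsc#1221854)" anyway, "another entry or the central directory" would read better, unless this text is meant to stay verbatim. Moving the full stop to after the parenthetical is correct.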
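Review bot: in the third hunk (the gh-91133 item), the new reference is broken across two lines, with "(CVE-2023-6597," ending one line and "bsc#1219666)." starting the next. The other two hunks keep the CVE and bsc identifiers together on one line, which makes a line-based search for the pair work. Suggest wrapping before the opening parenthesis so that "(CVE-2023-6597, bsc#1219666)." sits on a single continuation line.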