--- a/ChangeLog	Mon Feb 13 11:56:27 2012 +0000
+++ b/ChangeLog	Mon Feb 13 11:57:50 2012 +0000
@@ -1,3 +1,7 @@
+2012-02-13  Andrew John Hughes  <ahughes@redhat.com>
+
+	* NEWS: Add CVE numbers.
+
 2012-02-10  Andrew John Hughes  <ahughes@redhat.com>
 
 	* Makefile.am: Apply 7112642 security patch

--- a/NEWS	Mon Feb 13 11:56:27 2012 +0000
+++ b/NEWS	Mon Feb 13 11:57:50 2012 +0000
@@ -11,15 +11,15 @@
 New in release 1.9.13 (2012-02-14):
 
 * Security fixes
-  - S7082299: Fix in AtomicReferenceArray
-  - S7088367: Fix issues in java sound
-  - S7110683: Issues with some KeyboardFocusManager method
-  - S7110687: Issues with TimeZone class
-  - S7110700: Enhance exception throwing mechanism in ObjectStreamClass
-  - S7110704: Issues with some method in corba
-  - S7112642: Incorrect checking for graphics rendering object
-  - S7118283: Better input parameter checking in zip file processing
-  - S7126960: Add property to limit number of request headers to the HTTP Server
+  - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
+  - S7088367, CVE-2011-3563: Fix issues in java sound
+  - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
+  - S7110687, CVE-2012-0503: Issues with TimeZone class
+  - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass
+  - S7110704, CVE-2012-0506: Issues with some method in corba
+  - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
+  - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing
+  - S7126960, CVE-2011-5035: Add property to limit number of request headers to the HTTP Server
 * Bug fixes
   - RH580478: Desktop files should not use hardcoded path