diff --git a/proftpd.spec b/proftpd.spec
index 5920bee..60aa264 100644
--- a/proftpd.spec
+++ b/proftpd.spec
@@ -596,7 +596,7 @@ fi
 * Wed Feb 19 2020 Paul Howarth <paul@city-fan.org> - 1.3.6c-1
 - Update to 1.3.6c
   - Use-after-free vulnerability in memory pools during data transfer
-    (https://github.com/proftpd/proftpd/issues/903)
+    (CVE-2020-9273, https://github.com/proftpd/proftpd/issues/903)
   - Fix mod_tls compilation with LibreSSL 2.9.x
     (https://github.com/proftpd/proftpd/issues/810)
   - MaxClientsPerUser was not enforced for SFTP logins when mod_digest was
@@ -620,9 +620,9 @@ fi
     (https://github.com/proftpd/proftpd/issues/898)
   - Out-of-bounds read in mod_cap getstateflags() function; this has been
     addressed by updating the bundled version of libcap
-    (https://github.com/proftpd/proftpd/issues/902)
+    (CVE-2020-9272, https://github.com/proftpd/proftpd/issues/902)
     Note that this build of ProFTPD uses the system version of libcap and not
-    the bundled version
+    the bundled version, and is not vulnerable to this issue
 
 * Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.6b-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild