diff --git a/xen.spec b/xen.spec
index daa3901..2c2356c 100644
--- a/xen.spec
+++ b/xen.spec
@@ -909,11 +909,12 @@ rm -rf %{buildroot}
 %changelog
 * Tue Jun 02 2015 Michael Young <m.a.young@durham.ac.uk> - 4.3.4-5
 - Potential unintended writes to host MSI message data field via qemu
-	[XSA-128, CVE-2015-4103]
+	[XSA-128, CVE-2015-4103] (#1227627)
 - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104]
+	(#1227628)
 - Guest triggerable qemu MSI-X pass-through error messages [XSA-130,
-	CVE-2015-4105]
-- Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106]
+	CVE-2015-4105] (#1227629)
+- Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631)
 
 * Wed May 13 2015 Michael Young <m.a.young@durham.ac.uk> - 4.3.4-4
 - Privilege escalation via emulated floppy disk drive [XSA-133,