diff --git a/CHANGES b/CHANGES
index 39ee59b66f..9023f05f43 100644
--- a/CHANGES
+++ b/CHANGES
@@ -15,7 +15,7 @@
 
 4170.	[security]	An incorrect boundary check in the OPENPGPKEY
 			rdatatype could trigger an assertion failure.
-			[RT #40286]
+			(CVE-2015-2986) [RT #40286]
 
 4169.	[test]		Added a 'wire_test -d' option to read input as
 			raw binary data, for use as a fuzzing harness.
diff --git a/README b/README
index ee836b869d..d8bc88c686 100644
--- a/README
+++ b/README
@@ -56,7 +56,7 @@ BIND 9.10.3
 	BIND 9.10.3 is a maintenance release and addresses bugs
 	found in BIND 9.10.2 and earlier, as well as the security
 	flaws described in CVE-2015-4620, CVE-2015-5477,
-	and CVE-2015-5722.
+	CVE-2015-5722, and CVE-2015-5986.
 
 	It also makes the following new features available:
 
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 031901af46..b3d578f099 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -41,7 +41,8 @@
       <listitem>
 	<para>
 	  An incorrect boundary check in the OPENPGPKEY rdatatype
-	  could trigger an assertion failure. [RT #40286]
+	  could trigger an assertion failure. This flaw is disclosed
+	  in CVE-2015-5986. [RT #40286]
 	</para>
       </listitem>
       <listitem>