diff --git a/CHANGES b/CHANGES
index ca6e7bb3f63dd1c52f5a97ad36fbbef803b9f777..6174a09590145dc1f76d35ab509033a935df50e3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -20,7 +20,7 @@
 2016.72 - 9 March 2016
 
 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
-  found by github.com/tintinweb. Thanks for Damien Miller for a patch.
+  found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116
 
 2015.71 - 3 December 2015