diff --git a/CHANGES b/CHANGES
index 1f9659725f..597cd3cf51 100644
--- a/CHANGES
+++ b/CHANGES
@@ -15,7 +15,7 @@
 
 4170.	[security]	An incorrect boundary check in the OPENPGPKEY
 			rdatatype could trigger an assertion failure.
-			[RT #40286]
+			(CVE-2015-2986) [RT #40286]
 
 4169.	[test]		Added a 'wire_test -d' option to read input as
 			raw binary data, for use as a fuzzing harness.
diff --git a/README b/README
index 670183f8ce..43c051911c 100644
--- a/README
+++ b/README
@@ -55,8 +55,8 @@ BIND 9.9.8
 
 	BIND 9.9.8 is a maintenance release and addresses bugs
 	found in BIND 9.9.7 and earlier, as well as the security
-	flaws described in CVE-2015-4620, CVE-2015-5477, and
-	CVE-2015-5722.
+	flaws described in CVE-2015-4620, CVE-2015-5477,
+	CVE-2015-5722, and CVE-2015-5986.
 
 	It also makes the following new features available via a
 	compile-time option:
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 49ce0428e2..ed65af3656 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -41,7 +41,8 @@
       <listitem>
 	<para>
 	  An incorrect boundary check in the OPENPGPKEY rdatatype
-	  could trigger an assertion failure. [RT #40286]
+	  could trigger an assertion failure. This flaw is disclosed
+	  in CVE-2015-5986. [RT #40286]
 	</para>
       </listitem>
       <listitem>