diff --git a/debian/changelog b/debian/changelog
index d44ca542bc40c9ddda5d27b70b8ab5402a53bb92..ac0da011981296030cfe3b0198a921257cb9eba7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,7 @@
 mariadb-10.1 (10.1.38-0+deb9u1) stretch-security; urgency=high
 
   * SECURITY UPDATE: New upstream release 10.1.38. Includes fixes for
-    the following security vulnerabilities (Closes: #920933);
+    the following security vulnerabilities (Closes: #920933):
     - CVE-2019-2537
     - CVE-2019-2529
   * Update correct branch name in gbp.conf
@@ -11,7 +11,7 @@ mariadb-10.1 (10.1.38-0+deb9u1) stretch-security; urgency=high
 mariadb-10.1 (10.1.37-0+deb9u1) stretch-security; urgency=high
 
   * SECURITY UPDATE: New upstream release 10.1.37. Includes fixes for
-    the following security vulnerabilities (Closes: #912848);
+    the following security vulnerabilities (Closes: #912848):
     - CVE-2018-3282
     - CVE-2018-3251
     - CVE-2018-3174
@@ -24,6 +24,9 @@ mariadb-10.1 (10.1.37-0+deb9u1) stretch-security; urgency=high
   * Physically remove patches no longer in series and not applied anyway
   * Fix wrong-path-for-interpreter in innotop script to make package
     Lintian error free as pass CI systems fully
+  * Previous upstream version 10.1.36 included fixes for the following
+    security vulnerabilities:
+    - CVE-2019-2503
   * Previous upstream version 10.1.35 included fixes for the following
     security vulnerabilities:
     - CVE-2018-3066