diff --git a/debian/changelog b/debian/changelog
index 3a4f88b..2c450e5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,10 @@
 bind9 (1:9.20.23-1~deb13u1deepin1) unstable; urgency=medium
 
+  * Security (CVE-2026-3593/5946/5947/3039): These CVEs are fixed in
+    upstream version 9.20.23, no backport needed.
+    Generated-By: Qwen3.6-35B-A3B-UD-Q4_K_M.gguf
+    Co-Authored-By: hudeng <hudeng@deepin.org>
+
   [ lichenggang ]
   * Disable Build-Dep xindy for sunway.