Add CVE numbers to security update descriptions in CHANGELOG

CHANGELOG

@@ -4,17 +4,18 @@ version 2.83
 
 	Fix a remote buffer overflow problem in the DNSSEC code. Any
 	dnsmasq with DNSSEC compiled in and enabled is vulnerable to this,
-	referenced by CERT VU#434904.
+	referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683
+	CVE-2020-25687.
 
 	Be sure to only accept UDP DNS query replies at the address
 	from which the query was originated. This keeps as much entropy
 	in the {query-ID, random-port} tuple as possible, to help defeat
-	cache poisoning attacks. Refer: CERT VU#434904.
+	cache poisoning attacks. Refer: CVE-2020-25684.
 
 	Use the SHA-256 hash function to verify that DNS answers
 	received are for the questions originally asked. This replaces
 	the slightly insecure SHA-1 (when compiled with DNSSEC) or
-	the very insecure CRC32 (otherwise). Refer: CERT VU#434904.
+	the very insecure CRC32 (otherwise). Refer: CVE-2020-25685.
 
 	Handle multiple identical near simultaneous DNS queries better.
 	Previously, such queries would all be forwarded
@@ -28,7 +29,7 @@ version 2.83
 	of the query. The new behaviour detects repeated queries and
 	merely stores the clients sending repeats so that when the
 	first query completes, the answer can be sent to all the
-	clients who asked. Refer: CERT VU#434904.
+	clients who asked. Refer: CVE-2020-25686.
 	
 
 version 2.82