diff --git a/cure53-Security-Audit-2015.md b/cure53-Security-Audit-2015.md
index 0152ceb..d87b55b 100644
--- a/cure53-Security-Audit-2015.md
+++ b/cure53-Security-Audit-2015.md
@@ -1,5 +1,6 @@
 Audit can be downloaded at https://cure53.de/pentest-report_openkeychain.pdf
 
+All identified vulnerabilities has been discussed with cure53 and fixed in OpenKeychain 3.6. Only OKC-01-006 has not been fixed because it is not in our threat model. We will work on two Miscellaneous Issues (not vulnerabilities!) for a future version of OpenKeychain.
 
 ## Identified Vulnerabilities
 ### OKC-01-001 Private Keys can be imported from Keyserver (Medium)
@@ -33,6 +34,8 @@ https://github.com/open-keychain/open-keychain/commit/57a04cb8a14a4777a3d77a9295
 
 ### OKC-01-011 Unconfirmed Main Identities are shown as confirmed (Low)
 Confirmed identities (if they exist) are now prioritized over non-confirmed ones.
+
+FIXED IN
   * https://github.com/open-keychain/open-keychain/commit/486117d9de8618c1ecfb2a592c781fc43f1cc886
 
 ### OKC-01-012 Database Extraction possible via Version Downgrade (Medium)