diff --git a/SPECS/grafana.spec b/SPECS/grafana.spec
index 3be15e3..0a96dc0 100644
--- a/SPECS/grafana.spec
+++ b/SPECS/grafana.spec
@@ -30,7 +30,7 @@ end}
 
 Name:             grafana
 Version:          7.5.15
-Release:          2%{?dist}
+Release:          3%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          ASL 2.0
 URL:              https://grafana.org
@@ -973,6 +973,17 @@ OPENSSL_FORCE_FIPS_MODE=1 GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryptio
 
 
 %changelog
+* Wed Aug 10 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-3
+- resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
+- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
+- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
+- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
+- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
+- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
+- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
+- resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
+- resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
+
 * Wed Jul 20 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-2
 - resolve CVE-2022-31107 grafana: OAuth account takeover