We could say something like the following, I suppose. Or maybe you'd want to tone it down a bit.
"This release of Bison fixes all known bugs reported for Bison in MITRE's Common Vulnerabilities and Exposures (CVE) system. Although these bugs are typically irrelevant to how Bison is used, they are worth fixing if only to give users peace of mind."
