diff --git a/changelog/security/2024-04-08-weekly-updates.md b/changelog/security/2024-04-08-weekly-updates.md
new file mode 100644
index 0000000000..eb5d3770a1
--- /dev/null
+++ b/changelog/security/2024-04-08-weekly-updates.md
@@ -0,0 +1,3 @@
+- coreutils ([coreutils-2024-03-28](https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00006.html))
+- curl ([CVE-2024-2004](https://nvd.nist.gov/vuln/detail/CVE-2024-2004), [CVE-2024-2379](https://nvd.nist.gov/vuln/detail/CVE-2024-2379), [CVE-2024-2398](https://nvd.nist.gov/vuln/detail/CVE-2024-2398), [CVE-2024-2466](https://nvd.nist.gov/vuln/detail/CVE-2024-2466))
+- nghttp2 ([CVE-2024-28182](https://nvd.nist.gov/vuln/detail/CVE-2024-28182))
diff --git a/changelog/updates/2024-04-08-weekly-updates.md b/changelog/updates/2024-04-08-weekly-updates.md
new file mode 100644
index 0000000000..b61d60e4d3
--- /dev/null
+++ b/changelog/updates/2024-04-08-weekly-updates.md
@@ -0,0 +1,3 @@
+- coreutils ([9.5](https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00006.html))
+- curl ([8.7.1](https://curl.se/changes.html#8_7_1) (includes [8.7.0](https://curl.se/changes.html#8_7_0)))
+- nghttp2 ([1.61.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.61.0) (includes [1.58.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.58.0), [1.59.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.59.0) and [1.60.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.60.0)))