diff --git a/core/modules/update/update.module b/core/modules/update/update.module
index da8342d51f66dec28fd43e00a9a36b9c2f523ba3..6f1ab74dcfd207c61a0d4bcecd1f12644061ed1a 100644
--- a/core/modules/update/update.module
+++ b/core/modules/update/update.module
@@ -413,7 +413,7 @@ function update_get_available($refresh = FALSE) {
   // @todo This is a temporary fix to allow minor-version backports of security
   //   fixes to be shown as secure. It should not be included in the codebase of
   //   any release or branch other than such backports. Replace this with
-  //   https://www.drupal.org/project/drupal/issues/2766491.
+  //   https://www.drupal.org/project/drupal/issues/2804155.
   foreach (_update_equivalent_security_releases() as $equivalent_release) {
     if (!empty($available['drupal']['releases'][$equivalent_release]['terms']['Release type'])) {
       $security_release_key = array_search('Security update', $available['drupal']['releases'][$equivalent_release]['terms']['Release type']);
@@ -439,12 +439,15 @@ function update_get_available($refresh = FALSE) {
  *   (i.e. covered by the same advisory), for backported security fixes only.
  *
  * @todo This is a temporary fix to allow minor-version backports of security
- *   fixes to be shown as secure. It should not be included in the codebase of
- *   any release or branch other than such backports. Replace this with
+ *   fixes to be shown as secure. Replace this with
  *   https://www.drupal.org/project/drupal/issues/2766491.
  */
 function _update_equivalent_security_releases() {
   switch (\Drupal::VERSION) {
+    case '8.3.8':
+      return ['8.4.5', '8.5.0-rc1'];
+    case '8.3.9':
+      return ['8.4.6', '8.5.1'];
     case '8.4.5':
       return ['8.5.0-rc1'];
     case '8.4.6':