Added release notes

radarhere · hugovk · commit facf3af93dab · 2024-04-01T09:25:59.000+03:00
diff --git a/docs/releasenotes/10.3.0.rst b/docs/releasenotes/10.3.0.rst
@@ -4,21 +4,11 @@
 Security
 ========
 
-TODO
-^^^^
+:cve:`2024-28219`: Fix buffer overflow in ``_imagingcms.c``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-TODO
-
-:cve:`YYYY-XXXXX`: TODO
-^^^^^^^^^^^^^^^^^^^^^^^
-
-TODO
-
-Backwards Incompatible Changes
-==============================
-
-TODO
-^^^^
+In ``_imagingcms.c``, two ``strcpy`` calls were able to copy too much data into fixed
+length strings. This has been fixed by using ``strncpy`` instead.
 
 Deprecations
 ============
