From fff5a43469382489c09ad96cab00c48f6ed6df16 Mon Sep 17 00:00:00 2001
From: Adriaan de Groot <groot@kde.org>
Date: Tue, 2 Jul 2019 21:50:43 +0200
Subject: [PATCH] Changes: document luksbootkey issue

---
 CHANGES | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/CHANGES b/CHANGES
index 5085ad3c7..723747e44 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,11 +6,31 @@ website will have to do for older versions.
 # 3.2.11 (unreleased) #
 
 This release contains contributions from (alphabetically by first name):
+ - No other contributors this time around.
+
+This is a security release with no functional changes (except for
+improved security) relative to 3.2.10. The Calamares team would like
+to acknowledge the help of the following people in reporting and
+understanding the issues (alphabetically by first name):
+ - Kevin Kofler
+ - Seth Arnold
+ - Simon Quigley
+ - Thomas Ward
+
 
 ## Core ##
 
+No core changes.
+
 ## Modules ##
 
+ - *initramfs* could create an initramfs with insecure permissions.
+   Since the keyfile is included in the initramfs, an attacker could
+   read the file from the initramfs. #1190
+ - *luksbootkeyfile* created a key file where a window of opportunity
+   existed where the key file could have too-lax file permissions.
+   #1191 CVE-2019-13179
+
 
 # 3.2.10 (2019-06-28) #