From 66ac7a129a70a225adc263602bcf7f5750698e8d Mon Sep 17 00:00:00 2001
From: Carlton Gibson <carlton.gibson@noumenal.es>
Date: Mon, 1 Oct 2018 11:54:31 +0200
Subject: [PATCH] [2.0.x] Added CVE-2018-16984 to the security release archive.

Backport of 0b3b7c4b0ab2567cfe5df3ac19563d4a59276cb1
and 92ccc3917058b1025b2d657ffdf3c21eb8009f7b from master
---
 docs/releases/security.txt | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index f74ec87c7e..9ddef50547 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -898,3 +898,14 @@ Versions affected
 * Django 2.1 `(patch) <https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c>`__
 * Django 2.0 `(patch) <https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525>`__
 * Django 1.11 `(patch) <https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff>`__
+
+October 1, 2018 - :cve:`2018-16984`
+-----------------------------------
+
+Password hash disclosure to "view only" admin users. `Full description
+<https://www.djangoproject.com/weblog/2018/oct/01/security-release/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 2.1 `(patch) <https://github.com/django/django/commit/c4bd5b597e0aa2432e4c867b86650f18af117851>`__