From 97f0e0ac244eaa1ac258b7091c4ea68642aa4928 Mon Sep 17 00:00:00 2001
From: Tim Graham <timograham@gmail.com>
Date: Mon, 1 Feb 2016 12:42:37 -0500
Subject: [PATCH] [1.8.x] Added CVE-2016-2048 to the security archive.

Backport of ecd502cfdb57706dd0e84d9928934bcae6b1ef25 from master
---
 docs/releases/security.txt | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index f6f2534baa..28b4f37afc 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -692,3 +692,15 @@ Versions affected
 
 * Django 1.8 `(patch) <https://github.com/django/django/commit/9f83fc2f66f5a0bac7c291aec55df66050bb6991>`__
 * Django 1.7 `(patch) <https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172>`__
+
+February 1, 2016 -- CVE-2016-2048
+---------------------------------
+
+`CVE-2016-2048 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2048&cid=2>`_:
+User with "change" but not "add" permission can create objects for ``ModelAdmin``’s with ``save_as=True``.
+`Full description <https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 1.9 `(patch) <https://github.com/django/django/commit/adbca5e4db42542575734b8e5d26961c8ada7265>`__