[2.1.x] Added CVE-2019-11358 to the security release archive.

Backport of 8fb0ea55830321852a4a051a478f78e24d4f6889 from master
author: Nick Pope <nick.pope@flightdataservices.com> 2019-06-03 20:15:59 +0100
committer: Carlton Gibson <carlton.gibson@noumenal.es> 2019-06-03 21:46:54 +0200
commit: 8827e0994473225bbb1a8c6c26a07d06bbc94305 (patch)
tree: 01cb0bd595b7f11f531df73d0677b9c7d0530d77
parent: 73158f19f19400dc324acf6a6a69ce985a8bb3cb (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index cce666ce99..e318c62bf7 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -936,3 +936,15 @@ Versions affected
 * Django 2.0 :commit:`(patch <1f42f82566c9d2d73aff1c42790d6b1b243f7676>` and
   :commit:`correction) <392e040647403fc8007708d52ce01d915b014849>`
 * Django 1.11 :commit:`(patch) <0bbb560183fabf0533289700845dafa94951f227>`
+
+June 3, 2019 - :cve:`2019-11358`
+--------------------------------
+
+Prototype pollution in bundled jQuery. `Full description
+<https://www.djangoproject.com/weblog/2019/jun/03/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 2.2 :commit:`(patch) <baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad>`
+* Django 2.1 :commit:`(patch) <95649bc08547a878cebfa1d019edec8cb1b80829>`
author	Nick Pope <nick.pope@flightdataservices.com>	2019-06-03 20:15:59 +0100
committer	Carlton Gibson <carlton.gibson@noumenal.es>	2019-06-03 21:46:54 +0200
commit	8827e0994473225bbb1a8c6c26a07d06bbc94305 (patch)
tree	01cb0bd595b7f11f531df73d0677b9c7d0530d77
parent	73158f19f19400dc324acf6a6a69ce985a8bb3cb (diff)