diff --git a/docs/releasenotes/10.3.0.rst b/docs/releasenotes/10.3.0.rst index a73efcee418..e5a47b28142 100644 --- a/docs/releasenotes/10.3.0.rst +++ b/docs/releasenotes/10.3.0.rst @@ -4,21 +4,11 @@ Security ======== -TODO -^^^^ +:cve:`2024-28219`: Fix buffer overflow in ``_imagingcms.c`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -TODO - -:cve:`YYYY-XXXXX`: TODO -^^^^^^^^^^^^^^^^^^^^^^^ - -TODO - -Backwards Incompatible Changes -============================== - -TODO -^^^^ +In ``_imagingcms.c``, two ``strcpy`` calls were able to copy too much data into fixed +length strings. This has been fixed by using ``strncpy`` instead. Deprecations ============
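Review bot: In the added paragraph under the :cve:`2024-28219` heading, "This has been fixed by using ``strncpy`` instead" leaves out what a reader needs to judge exposure and to trust the fix. It does not say which inputs reach the two ``strcpy`` calls, nor whether the destination is explicitly NUL-terminated after the copy; ``strncpy`` writes no terminator when the source is at least as long as the count, so a bare swap can trade an overflow for an unterminated string. Suggest naming the affected functions or arguments and stating what now happens to over-long values (truncated or rejected, whichever the code does). Separately, the hunk deletes the whole "Backwards Incompatible Changes" section rather than only its TODO placeholder; confirm that 10.3.0 has no such changes before dropping the heading.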