From 121115d2c291b3969ac00ca62253f23513481739 Mon Sep 17 00:00:00 2001 From: Mariusz Felisiak Date: Wed, 18 Dec 2019 10:36:22 +0100 Subject: [PATCH] [1.11.x] Added CVE-2019-19844 to the security archive. Backport of 5a2b9f0b546222e928df91310acb9cf363a6c920 from master --- docs/releases/security.txt | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/releases/security.txt b/docs/releases/security.txt index ef70cac0d9..d461ce3d86 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -1029,3 +1029,16 @@ Versions affected * Django 2.2 :commit:`(patch) ` * Django 2.1 :commit:`(patch) <5d50a2e5fa36ad23ab532fc54cf4073de84b3306>` * Django 1.11 :commit:`(patch) <869b34e9b3be3a4cfcb3a145f218ffd3f5e3fd79>` + +December 18, 2019 - :cve:`2019-19844` +------------------------------------- + +Potential account hijack via password reset form. `Full description +`__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 3.0 :commit:`(patch) <302a4ff1e8b1c798aab97673909c7a3dfda42c26>` +* Django 2.2 :commit:`(patch) <4d334bea06cac63dc1272abcec545b85136cca0e>` +* Django 1.11 :commit:`(patch) `
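Review bot: The last added line, "* Django 1.11 :commit:`(patch) `", has no <hash> target inside the :commit: role, unlike the Django 3.0 and 2.2 entries added just above it. The added "Full description" link has the same problem: there is no <URL> before the closing `__. As shown, both would render as references that point nowhere in the security archive. Add the 1.11 patch commit hash and the announcement URL in the same form the other entries use. The unchanged context line "* Django 2.2 :commit:`(patch) `" at the top of the hunk has the same gap and is worth fixing in a follow-up.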