add CVE ID to security issue (pyca#4360)

reaperhulk · alex · commit 61114a2e6987 · 2018-07-18T17:35:55.000-05:00
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -18,6 +18,7 @@ Changelog
   allowed tag truncation by default which can allow tag forgery in some cases.
   The method now enforces the ``min_tag_length`` provided to the
   :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` constructor.
+  *CVE-2018-10903*
 * Added support for Python 3.7.
 * Added :meth:`~cryptography.fernet.Fernet.extract_timestamp` to get the
   authenticated timestamp of a :doc:`Fernet </fernet>` token.
