From 564cd284b0fa8785a410eda3aa33d83e2e10baf0 Mon Sep 17 00:00:00 2001
From: Andrew Murray <radarhere@users.noreply.github.com>
Date: Sat, 29 Mar 2025 22:47:06 +1100
Subject: [PATCH] Added release notes for #8837

---
 docs/releasenotes/11.2.0.rst | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/docs/releasenotes/11.2.0.rst b/docs/releasenotes/11.2.0.rst
index 00f8678cf..d40d86f21 100644
--- a/docs/releasenotes/11.2.0.rst
+++ b/docs/releasenotes/11.2.0.rst
@@ -4,15 +4,12 @@
 Security
 ========
 
-TODO
-^^^^
+Undefined shift when loading compressed DDS images
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-TODO
-
-:cve:`YYYY-XXXXX`: TODO
-^^^^^^^^^^^^^^^^^^^^^^^
-
-TODO
+When loading some compressed DDS formats, an integer was bitshifted by 24 places to
+generate the 32 bits of the lookup table. This was undefined behaviour, and has been
+present since Pillow 3.4.0.
 
 Deprecations
 ============