Update CHANGES.rst [ci skip]

radarhere · radarhere · commit 63cbfcfdea2d · 2024-04-01T20:19:46.000+11:00
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -5,6 +5,9 @@ Changelog (Pillow)
 10.3.0 (unreleased)
 -------------------
 
+- CVE-2024-28219: Use strncpy to avoid buffer overflow #7928
+  [radarhere, hugovk]
+
 - Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927
   [radarhere, hugovk]
 
