Added release notes

Author: radarhere

docs/releasenotes/10.3.0.rst

@@ -4,21 +4,11 @@
 Security
 ========
 
-TODO
-^^^^
+:cve:`2024-28219`: Fix buffer overflow in ``_imagingcms.c``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-TODO
-
-:cve:`YYYY-XXXXX`: TODO
-^^^^^^^^^^^^^^^^^^^^^^^
-
-TODO
-
-Backwards Incompatible Changes
-==============================
-
-TODO
-^^^^
+In ``_imagingcms.c``, two ``strcpy`` calls were able to copy too much data into fixed
+length strings. This has been fixed by using ``strncpy`` instead.
 
 Deprecations
 ============