From 544a1661ce601f4cc30c4c34f417d2e3d84b9731 Mon Sep 17 00:00:00 2001
From: Jacob Hammons <jhammons@saltstack.com>
Date: Wed, 23 Mar 2016 14:04:29 -0600
Subject: [PATCH] 2015.5.10 release docs

---
 doc/conf.py                       |  4 ++--
 doc/topics/releases/2015.5.10.rst | 24 ++++++++++++++++++++----
 doc/topics/releases/2015.5.11.rst |  6 ++++++
 3 files changed, 28 insertions(+), 6 deletions(-)
 create mode 100644 doc/topics/releases/2015.5.11.rst

diff --git a/doc/conf.py b/doc/conf.py
index 3e327a87a0..8a3aa867b5 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -155,8 +155,8 @@ project = 'Salt'
 copyright = '2016 SaltStack, Inc.'
 
 version = salt.version.__version__
-latest_release = '2015.8.7'  # latest release
-previous_release = '2015.5.9'  # latest release from previous branch
+latest_release = '2015.8.8'  # latest release
+previous_release = '2015.5.10'  # latest release from previous branch
 previous_release_dir = '2015.5'  # path on web server for previous branch
 build_type = 'previous'  # latest, previous, develop, inactive
 
diff --git a/doc/topics/releases/2015.5.10.rst b/doc/topics/releases/2015.5.10.rst
index 311ad7c5ed..49a5598140 100644
--- a/doc/topics/releases/2015.5.10.rst
+++ b/doc/topics/releases/2015.5.10.rst
@@ -1,5 +1,21 @@
-==========================================
-Salt 2015.5.10 Release Notes (In Progress)
-==========================================
+============================
+Salt 2015.5.10 Release Notes
+============================
+
+Security Fix
+============
+
+CVE-2016-3176: Insecure configuration of PAM external authentication service
+
+This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when PAM
+:ref:`external authentication <acl-eauth>` is enabled. This issue involves
+passing an alternative PAM authentication service with a command that is sent
+to :ref:`LocalClient <local-client>`, enabling the attacker to bypass the
+configured authentication service. Thank you to Dylan Frese <dmfrese@gmail.com>
+for bringing this issue to our attention.
+
+This update defines the PAM eAuth ``service`` that users authenticate against
+in the Salt Master configuration.
+
+(No additional fixes are contained in this release).
 
-In progress, not yet released.
diff --git a/doc/topics/releases/2015.5.11.rst b/doc/topics/releases/2015.5.11.rst
new file mode 100644
index 0000000000..787ae49b47
--- /dev/null
+++ b/doc/topics/releases/2015.5.11.rst
@@ -0,0 +1,6 @@
+==========================================
+Salt 2015.5.11 Release Notes (In Progress)
+==========================================
+
+In progress, not yet released.
+