=== modified file 'debian/changelog'
--- debian/changelog	2015-08-04 19:58:21 +0000
+++ debian/changelog	2015-08-06 22:02:07 +0000
@@ -1,3 +1,9 @@
+cinder (1:2015.1.1-0ubuntu2) UNRELEASED; urgency=medium
+
+  * d/changelog: Add Marc Deslauriers' CVE-2015-1851
+
+ -- David Ames <david.ames@canonical.com>  Thu, 06 Aug 2015 08:52:22 -0700
+
 cinder (1:2015.1.1-0ubuntu1) vivid; urgency=medium
 
   * Resynchronize with stable/kilo (651bab0) (LP: #1481008):
@@ -30,6 +36,16 @@
 
  -- David Ames <david.ames@canonical.com>  Mon, 03 Aug 2015 10:43:21 -0700
 
+cinder (1:2015.1.0-0ubuntu1.1) vivid-security; urgency=medium
+
+  * SECURITY UPDATE: arbitrary file read via crafted qcow2 backing file
+    - debian/patches/CVE-2015-1851.patch: disallow backing files in
+      cinder/image/image_utils.py, added test to
+      cinder/tests/test_image_utils.py.
+    - CVE-2015-1851
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 22 Jul 2015 10:37:01 -0400
+
 cinder (1:2015.1.0-0ubuntu1) vivid; urgency=medium
 
   [ Chuck Short ]