diff --git a/releasenotes/notes/12.0.1-cve-bugs-7b04b2e34a3e9a70.yaml b/releasenotes/notes/12.0.1-cve-bugs-7b04b2e34a3e9a70.yaml
new file mode 100644
index 000000000000..cfeca5ad05b4
--- /dev/null
+++ b/releasenotes/notes/12.0.1-cve-bugs-7b04b2e34a3e9a70.yaml
@@ -0,0 +1,14 @@
+---
+prelude: |
+  The 12.0.1 release contains fixes for two security issues.
+security:
+  - |
+    [OSSA 2016-001] Nova host data leak through snapshot (CVE-2015-7548)
+
+    * `Bug 1524274 <https://bugs.launchpad.net/nova/+bug/1524274>`_
+    * `Announcement <http://lists.openstack.org/pipermail/openstack-announce/2016-January/000911.html>`_
+
+    [OSSA 2016-002] Xen connection password leak in logs via StorageError (CVE-2015-8749)
+
+    * `Bug 1516765 <https://bugs.launchpad.net/nova/+bug/1516765>`_
+    * `Announcement <http://lists.openstack.org/pipermail/openstack-announce/2016-January/000916.html>`_