Update Sep 2014 board report with CVE security issue links
diff --git a/2014/2014-09.md b/2014/2014-09.md
index bc4fd79..874117f 100644
--- a/2014/2014-09.md
+++ b/2014/2014-09.md
@@ -6,8 +6,6 @@
Current releases have been voted on according to the Apache vote policy. We are currently on track for XXX, and are actively working on versions X.Y.Z and
beyond for the upcoming quarter. (PLUS ANY MORE AWESOME HERE)
-* MENTION CVE REPORTS HERE
-
Since the last board report, Apache Cordova has had:
- over XXX commits in its 51 (UPDATE#) Git repositories
@@ -16,6 +14,12 @@
- AAA new contributors filed iCLAs specifically for contributing to
Apache Cordova
+Several security issues were resolved as well:
+
+- [CVE-2014-3500: Cordova cross-application scripting via Android intent URLs](http://cordova.apache.org/announcements/2014/08/04/android-351.html)
+- [CVE-2014-3501: Cordova whitelist bypass for non-HTTP URLs](http://cordova.apache.org/announcements/2014/08/04/android-351.html)
+- [CVE-2014-3502: Cordova apps can potentially leak data to other apps via Android intent URLs](http://cordova.apache.org/announcements/2014/08/04/android-351.html)
+
Since the last board report, Apache Cordova has had XX different releases
which are related to the overall version of Apache Cordova X.Y.Z, noted
below.
