doc: releases: Add CVE-2019-9506 to release notes

Add section about security vulnerability issues in the 2.0.0 release
notes.

Signed-off-by: David Brown <[email protected]>

Author: d3zd3z

doc/releases/release-notes-2.0.rst

@@ -23,6 +23,19 @@ Major enhancements with this release include:
 
 The following sections provide detailed lists of changes by component.
 
+Security Vulnerability Related
+******************************
+
+The following security vulnerability (CVE) was addressed in this
+release:
+
+* Fixes CVE-2019-9506: The Bluetooth BR/EDR specification up to and
+  including version 5.1 permits sufficiently low encryption key length
+  and does not prevent an attacker from influencing the key length
+  negotiation. This allows practical brute-force attacks (aka "KNOB")
+  that can decrypt traffic and inject arbitrary ciphertext without the
+  victim noticing.
+
 Kernel
 ******