diff --git a/NEWS b/NEWS
index 79c2fe18ba..3babf2ed50 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,20 @@
                        User-Visible OpenAFS Changes
 
+OpenAFS 1.6.15 (Security Release)
+
+  All client and server platforms
+
+    * Fix for OPENAFS-SA-2015-007 "Tattletale"
+
+      When constructing an Rx acknowledgment (ACK) packet, Andrew-derived
+      Rx implementations do not initialize three octets of data that are
+      padding in the C language structure and were inadvertently included
+      in the wire protocol (CVE-2015-7762).  Additionally, OpenAFS Rx in
+      versions 1.5.75 through 1.5.78, 1.6.0 through 1.6.14, and 1.7.0
+      through 1.7.32 include a variable-length padding at the end of the
+      ACK packet, in an attempt to detect the path MTU, but only four octets
+      of the additional padding are initialized (CVE-2015-7763).
+
 OpenAFS 1.6.14.1
 
   Linux clients