diff --git a/ChangeLog b/ChangeLog
index 4ab77fa62..771f7c50c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,10 @@ Security
      mbedtls_x509write_csr_der() when the signature is copied to the buffer
      without checking whether there is enough space in the destination. The
      issue cannot be triggered remotely. (found by Jethro Beekman)
+   * Fix potential stack corruption in mbedtls_x509write_crt_der() and
+     mbedtls_x509write_csr_der() when the signature is copied to the buffer
+     without checking whether there is enough space in the destination. It is
+     not triggerable remotely in SSL/TLS.
 
 Bugfix
    * Fix an issue that caused valid certificates being rejected whenever an