diff --git a/ChangeLog b/ChangeLog
index 68c437144..aaee2a498 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,7 @@ Bugfix
    * Support escaping of commas in x509_string_to_names()
    * Fix compile error in ssl_pthread_server (found by Julian Ospald).
    * Fix net_accept() regarding non-blocking sockets (found by Luca Pesce).
+   * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
 
 Changes
    * Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index e44af85d4..4f3124f2c 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -352,7 +352,7 @@ static int write_and_get_response( int sock_fd, unsigned char *buf, size_t len )
 int main( int argc, char *argv[] )
 {
     int ret = 0, len, server_fd;
-    unsigned char buf[1024];
+    unsigned char buf[1024] = { 0 };
 #if defined(POLARSSL_BASE64_C)
     unsigned char base[1024];
 #endif