diff --git a/ChangeLog b/ChangeLog
index 44f440819..ddba5c0eb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 1.3.14 released 2015-10-xx
+
+Security
+ * Added fix for CVE-2015-xxxxx to prevent heap corruption due to buffer
+ overflow of the hostname or session ticket. (Found by Guido Vranken)
+
+Changes
+ * Added checking of hostname length in ssl_set_hostname() to ensure domain
+ names are compliant with RFC 1035.
+
 = mbed TLS 1.3.13 reladsed 2015-09-17
 
 Security
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index deeee3390..ef86cd29a 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -75,7 +75,7 @@ static void ssl_write_hostname_ext( ssl_context *ssl,
 SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s",
 ssl->hostname ) );
 
- if( (size_t)(end - p) < ssl->hostname_len + 9 )
+ if( end < p || (size_t)( end - p ) < ssl->hostname_len + 9 )
 {
 SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
 return;
@@ -877,13 +877,13 @@ static int ssl_write_client_hello( ssl_context *ssl )
 ext_len += olen;
 #endif
 
-#if defined(POLARSSL_SSL_SESSION_TICKETS)
- ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
+#if defined(POLARSSL_SSL_ALPN)
+ ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
 ext_len += olen;
 #endif
 
-#if defined(POLARSSL_SSL_ALPN)
- ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
 ext_len += olen;
 #endif
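Review bot: In the ssl_write_hostname_ext hunk of library/ssl_cli.c, the new guard `if( end < p || (size_t)( end - p ) < ssl->hostname_len + 9 )` carries no comment saying why `end < p` is tested first or what the 9 stands for. Without that first test a negative `end - p` becomes a very large size_t after the cast and the size check passes, so I would add `/* end < p: a negative difference would wrap when cast to size_t */` above it and name the 9 (presumably the fixed header bytes of the server_name extension) as a constant or in the same comment. The sum `ssl->hostname_len + 9` is only safe while hostname_len is bounded; the ChangeLog says ssl_set_hostname() now enforces a length limit, but that change is not in the visible hunks and should be confirmed alongside this one. The function body starts and ends outside the hunk.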
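Review bot: In the ssl_write_client_hello hunk, nothing records why ssl_write_session_ticket_ext must now run after ssl_write_alpn_ext, so a later edit could silently restore the old order; a one-line comment above the `#if defined(POLARSSL_SSL_SESSION_TICKETS)` block stating the ordering requirement would prevent that. Each writer is called with only `p + 2 + ext_len` and `&olen`, with no remaining-length argument, so every writer has to bound its own write against the end of the output buffer. The hostname writer's check is visible in this commit, but the ticket and ALPN writers' checks are not, and the ChangeLog names the session ticket as an overflow source, so those two are worth confirming in the same review. The function body continues outside the hunk.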