diff --git a/ChangeLog.d/local-lucky13.txt b/ChangeLog.d/local-lucky13.txt index 5a3eed0ba..adf493abe 100644 --- a/ChangeLog.d/local-lucky13.txt +++ b/ChangeLog.d/local-lucky13.txt @@ -1,9 +1,11 @@ Security - * Fix a local timing side channel vulnerability in (D)TLS record decryption - when using a CBC ciphersuites without the Encrypt-then-Mac extension. In - those circumstances, a local attacker able to observe the state of the - cache could use well-chosen functions to measure the exact computation - time of the HMAC, and follow up with the usual range of Lucky 13 attacks, - including plaintext recovery and key recovery. Found and reported by Tuba - Yavuz, Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler + * In (D)TLS record decryption, when using a CBC ciphersuites without the + Encrypt-then-Mac extension, use constant code flow memory access patterns + to extract and check the MAC. This is an improvement to the existing + countermeasure against Lucky 13 attacks. The previous countermeasure was + effective against network-based attackers, but less so against local + attackers. The new countermeasure defends against local attackers, even + if they have access to fine-grained measurements. In particular, this + fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz, + Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler (University of Florida) and Dave Tian (Purdue University).
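Review bot: Grammar in the first added line, "when using a CBC ciphersuites without the Encrypt-then-Mac extension", carries over the article/number mismatch from the removed text; make it "when using a CBC ciphersuite without the Encrypt-then-Mac extension" (or "CBC ciphersuites" with no article). Also consider joining the two properties in "use constant code flow memory access patterns" as "use constant code flow and memory access patterns", since the entry is describing both the control flow and the memory accesses being made independent of the secret, and reading it as one compound noun is unclear. Finally, the rewritten entry drops the impact statement the old text had ("plaintext recovery and key recovery"); since this file is still filed under Security, a short clause stating what a successful local Lucky 13 attack yields would help readers triage the fix without digging into the advisory.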