Add ChangeLog entry
diff --git a/ChangeLog b/ChangeLog
index 3f49a21..0e39bb0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,8 +2,22 @@
 
 = mbed TLS x.x.x branch released xxxx-xx-xx
 
-Bugfix
+Security
+   * Fix a vulnerability in TLS ciphersuites based on CBC and using SHA-384,
+     in (D)TLS 1.0 to 1.2, that allowed an active network attacker to
+     partially recover the plaintext of messages under some conditions by
+     exploiting timing measurements. With DTLS, the attacker could perform
+     this recovery by sending many messages in the same connection. With TLS
+     or if mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only
+     worked if the same secret (for example a HTTP Cookie) has been repeatedly
+     sent over connections manipulated by the attacker. Connections using GCM
+     or CCM instead of CBC, using hash sizes other than SHA-384, or using
+     Encrypt-then-Mac (RFC 7366) were not affected. The vulnerability was
+     caused by a miscalculation (for SHA-384) in a countermeasure to the
+     original Lucky 13 attack. Found by Kenny Paterson, Eyal Ronen and Adi
+     Shamir.
 
+Bugfix
    * Fix braces in mbedtls_memory_buffer_alloc_status(). Found by sbranden, #552.
    * Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to
      configure the maximum length of a file path that can be buffered when
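Review bot: The added Security entry mixes tenses in "the attack only worked if the same secret (for example a HTTP Cookie) has been repeatedly sent"; it should read "was repeatedly sent", with "an HTTP cookie". "Encrypt-then-Mac" should be spelled "Encrypt-then-MAC", as in the title of RFC 7366. The entry also carries no advisory or issue reference, whereas the Bugfix item right below it cites #552. If an identifier has been assigned for this vulnerability, add it here so users can match the fix to the advisory. Since the text already lists the unaffected configurations (GCM, CCM, hash sizes other than SHA-384, Encrypt-then-MAC), consider closing with one sentence telling users on affected CBC/SHA-384 ciphersuites to upgrade.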