Fix NULL dereference in buffer-based allocator
diff --git a/ChangeLog b/ChangeLog
index 8370738..a1e9837 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,12 @@
* Add support for Extended Master Secret (draft-ietf-tls-session-hash)
* Add support for Encrypt-then-MAC (RFC 7366)
+Security
+ * NULL pointer dereference in the buffer-based allocator when the buffer is
+ full and polarssl_free() is called (found by Jean-Philippe Aumasson)
+ (only possible if POLARSSL_MEMORY_BUFFER_ALLOC_C is enabled, which it is
+ not by default).
+
Bugfix
* Stack buffer overflow if ctr_drbg_update() is called with too large
add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
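Review bot: the new Security entry does not say whether the NULL pointer dereference can be reached remotely, while the Bugfix entry directly below it states "(not triggerable remotely)" for the ctr_drbg_update() overflow. Suggest adding the same kind of reachability statement to the added lines, along with the consequence for an affected build, so that users who have enabled POLARSSL_MEMORY_BUFFER_ALLOC_C can judge how urgently to update. The parenthetical about the option not being enabled by default is useful and should stay.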