Update change log
diff --git a/ChangeLog b/ChangeLog
index 9ea55e1..ce3554c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,12 @@
= mbed TLS x.x.x branch released xxxx-xx-xx
+Security
+ * Fix an issue in the X.509 module which could lead to a buffer overread
+ during certificate extensions parsing. In case of receiving malformed
+ input (extensions length field equal to 0), an illegal read of one byte
+ beyond the input buffer is made. Found and analyzed by Nathan Crandall.
+
Bugfix
* Fix compilation error on C++, because of a variable named new.
Found and fixed by Hirotaka Niisato in #1783.