Fix missing bound check
diff --git a/ChangeLog b/ChangeLog
index 89c87e0..8370738 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,10 @@
* Add support for Extended Master Secret (draft-ietf-tls-session-hash)
* Add support for Encrypt-then-MAC (RFC 7366)
+Bugfix
+ * Stack buffer overflow if ctr_drbg_update() is called with too large
+ add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
+
= PolarSSL 1.3.9 released 2014-10-20
Security
* Lowest common hash was selected from signature_algorithms extension in