Fix memory leak while parsing some X.509 certs
diff --git a/ChangeLog b/ChangeLog
index 8e74c0b..84420b9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
 Security
    * Lowest common hash was selected from signature_algorithms extension in
      TLS 1.2 (found by Darren Bane) (introduced in 1.3.8).
+   * Remotely-triggerable memory leak when parsing some X.509 certificates
+     (server is not affected if it doesn't ask for a client certificate).
+     (Found using Codenomicon Defensics.)
 
 Bugfix
    * Support escaping of commas in x509_string_to_names()
@@ -36,6 +39,8 @@
    * POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits
      RSA keys.
    * Accept spaces at end of line or end of buffer in base64_decode().
+   * X.509 certificates with more than one AttributeTypeAndValue per
+     RelativeDistinguishedName are not accepted any more.
 
 = PolarSSL 1.3.8 released 2014-07-11
 Security