Forbid sequence number wrapping
diff --git a/ChangeLog b/ChangeLog
index 9ce5b83..89d159f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,6 +19,7 @@
      "triple handshake" attack when authentication mode is optional (the
      attack was already impossible when authentication is required).
    * Check notBefore timestamp of certificates and CRLs from the future.
+   * Forbid sequence number wrapping
 
 Bugfix
    * ecp_gen_keypair() does more tries to prevent failure because of