Further tightened the padlen check to prevent underflow / overflow
diff --git a/ChangeLog b/ChangeLog
index f633391..cf5897b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -32,6 +32,8 @@
    * Check notBefore timestamp of certificates and CRLs from the future.
    * Forbid sequence number wrapping
    * Fixed possible buffer overflow with overlong PSK
+   * Possible remotely-triggered out-of-bounds memory access fixed (found by
+     TrustInSoft)
 
 Bugfix
    * ecp_gen_keypair() does more tries to prevent failure because of
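Review bot: the added entry (the two `+` lines) does not say which code path is affected. The commit message ties the fix to the padlen check, but the ChangeLog text only says "out-of-bounds memory access". The neighbouring entries name their trigger or function ("overlong PSK", "ecp_gen_keypair()"). Suggest naming the padding length check in this entry as well, and stating whether the access is a read or a write, so that someone reading only the ChangeLog can judge their exposure and decide how urgently to upgrade.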