Fix possible client crash on API misuse
diff --git a/ChangeLog b/ChangeLog
index 2030ceb..8c602fa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,11 @@
 
 = mbed TLS 1.3.13 reladsed 2015-??-??
 
+Security
+   * Fix possible client-side NULL pointer dereference (read) when the client
+     tries to continue the handshake after it failed (a misuse of the API).
+     (Found by GDS Labs using afl-fuzz, patch provided by GDS Labs.)
+
 Bugfix
    * Setting SSL_MIN_DHM_BYTES in config.h had no effect (overriden in ssl.h)
      (found by Fabio Solari) (#256)