Merge remote-tracking branch 'upstream-restricted/pr/430' into mbedtls-2.1-restricted-proposed
diff --git a/ChangeLog b/ChangeLog
index b8ac52b..b3cefcb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -54,6 +54,8 @@
      reset it. Found independently by ccli8 on Github.
    * In mbedtls_entropy_free(), properly free the message digest context.
    * Fix memory leak in RSA self test.
+   * Fix X509 CRT parsing that would potentially accept an invalid tag when
+     parsing the subject alternative names.
 
 Changes
    * Clarified the documentation of mbedtls_ssl_setup.