diff --git a/ChangeLog b/ChangeLog
index d8b106100..6b697333a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
-= mbed TLS x.x.x branch released xxxx-xx-xx
+= mbed TLS 1.3.x branch released xxxx-xx-xx
 
 Security
     * Add checks to prevent signature forgeries for very large messages while
@@ -10,6 +10,9 @@ Security
       pk_sign(). Found by Jean-Philippe Aumasson.
 
 Bugfix
+   * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing
+     the input string in PEM format to extract the different components. Found
+     by Eyal Itkin.
    * Fix unused variable/function compilation warnings in pem.c and x509_csr.c
      that are reported when building mbed TLS with a config.h that does not
      define POLARSSL_PEM_PARSE_C. Found by omnium21. #562