Adapt ChangeLog
diff --git a/ChangeLog b/ChangeLog
index 6a1be98..f77278b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,14 @@
= mbed TLS 1.3.22 branch released 2017-xx-xx
+Security
+ * Fix heap corruption in implementation of truncated HMAC extension.
+ When the truncated HMAC extension is enabled and CBC is used,
+ sending a malicious application packet can be used to selectively
+ corrupt 6 bytes on the peer's heap, potentially leading to crash or
+ remote code execution. This can be triggered remotely from either
+ side.
+
Bugfix
* Fix memory leak in ssl_set_hostname() when called multiple times.
Found by projectgus and jethrogb, #836.