diff --git a/ChangeLog b/ChangeLog
index 4b4cd3aea..ea69e8642 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,8 +7,11 @@ Security
      decryption that could lead to a Bleichenbacher-style padding oracle
      attack. In TLS, this affects servers that accept ciphersuites based on
      RSA decryption (i.e. ciphersuites whose name contains RSA but not
-     (EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
-     Shamir, David Wong and Yuval Yarom. CVE-2018-19608
+     (EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute),  Robert Gillham
+     (University of Adelaide), Daniel Genkin (University of Michigan),
+     Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom
+     (University of Adelaide, Data61). The attack is described in more detail
+     in the paper available here: http://cat.eyalro.net/cat.pdf  CVE-2018-19608
    * In mbedtls_mpi_write_binary(), don't leak the exact size of the number
      via branching and memory access patterns. An attacker who could submit
      a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing