diff --git a/ChangeLog.d/local-lucky13.txt b/ChangeLog.d/local-lucky13.txt
new file mode 100644
index 000000000..5a3eed0ba
--- /dev/null
+++ b/ChangeLog.d/local-lucky13.txt
@@ -0,0 +1,9 @@
+Security
+   * Fix a local timing side channel vulnerability in (D)TLS record decryption
+     when using a CBC ciphersuites without the Encrypt-then-Mac extension. In
+     those circumstances, a local attacker able to observe the state of the
+     cache could use well-chosen functions to measure the exact computation
+     time of the HMAC, and follow up with the usual range of Lucky 13 attacks,
+     including plaintext recovery and key recovery. Found and reported by Tuba
+     Yavuz, Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
+     (University of Florida) and Dave Tian (Purdue University).