diff --git a/ChangeLog.d/ecp-internal-rng.txt b/ChangeLog.d/ecp-internal-rng.txt
index bf11a7391..c0419acad 100644
--- a/ChangeLog.d/ecp-internal-rng.txt
+++ b/ChangeLog.d/ecp-internal-rng.txt
@@ -3,3 +3,13 @@ Changes
      `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel
      coutermeasures. If side channels are not a concern, this dependency can
      be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`.
+
+Security
+   * Fix side channel in mbedtls_ecp_check_pub_priv() and
+     mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a
+     private key that didn't include the uncompressed public key), as well as
+     mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
+     f_rng argument. An attacker with access to precise enough timing and
+     memory access information (typically an untrusted operating system
+     attacking a secure enclave) could fully recover the ECC private key.
+     Found and reported by Alejandro Cabrera Aldaya and Billy Brumley.