diff --git a/ChangeLog.d/inet_pton.txt b/ChangeLog.d/inet_pton.txt
new file mode 100644
index 0000000000..526cd9be5f
--- /dev/null
+++ b/ChangeLog.d/inet_pton.txt
@@ -0,0 +1,4 @@
+Security
+   * Fix a limited buffer underflow in x509_inet_pton_ipv6(). In rare cases
+     (e.g. on platforms with memory protection when the overread crosses page
+     boundary) this could lead to DoS. Found and reported by Haruto Kimura.