diff --git a/ChangeLog.d/fix-ccm-finish.txt b/ChangeLog.d/fix-ccm-finish.txt index 7bf5841612..7600ec89a0 100644 --- a/ChangeLog.d/fix-ccm-finish.txt +++ b/ChangeLog.d/fix-ccm-finish.txt @@ -1,3 +1,6 @@ -Bugfix - * Add tag length validation in mbedtls_ccm_finish() to reject lengths - that are invalid or differ from the negotiated tag length. +Security + * Add tag length validation in mbedtls_ccm_finish() to prevent + out-of-bounds reads and mitigate potential application buffer + overflows where applications relied on the library to enforce + tag length constraints. +
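Review bot: the reworded Security entry in ChangeLog.d/fix-ccm-finish.txt drops the one concrete statement of the behaviour change that the old text had, namely that mbedtls_ccm_finish() rejects tag lengths "that are invalid or differ from the negotiated tag length". Readers deciding whether they are affected need that condition as well as the impact, so consider keeping both, for example "Reject tag lengths in mbedtls_ccm_finish() that are invalid or differ from the negotiated tag length, to prevent out-of-bounds reads ...". The phrase "potential application buffer overflows where applications relied on the library to enforce tag length constraints" is also hard to act on as written: it would help to say which buffer is meant and whether the overflow is a read or a write. Separately, the hunk ends with a bare "+", which adds a blank line at the end of the file. Drop it unless the other ChangeLog.d entries end that way.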