diff --git a/ChangeLog.d/context_load_and_session_load_documentation.txt b/ChangeLog.d/context_load_and_session_load_documentation.txt index 200ab27bf1..dbbbda1fea 100644 --- a/ChangeLog.d/context_load_and_session_load_documentation.txt +++ b/ChangeLog.d/context_load_and_session_load_documentation.txt @@ -4,5 +4,5 @@ Security mbedtls_ssl_context_load() has been updated to clarify the responsibility of the application to preserve the confidentiality and integrity of serialized data, mitigating the risk of misuse of these APIs. - Credit to Haruto Kimura (Stella) for highlighting risks associated with - tampered serialized data. + Credit to Haruto Kimura (Stella) and Eva Crystal (0xiviel) for + highlighting risks associated with tampered serialized data. diff --git a/ChangeLog.d/fix-null-pointer-dereference.txt b/ChangeLog.d/fix-null-pointer-dereference.txt index 1eb3c416a8..1dd7d61905 100644 --- a/ChangeLog.d/fix-null-pointer-dereference.txt +++ b/ChangeLog.d/fix-null-pointer-dereference.txt @@ -1,4 +1,5 @@ Security * Fix a NULL pointer dereference in mbedtls_x509_string_to_names() when mbedtls_calloc() fails to allocate memory. This was caused by failing to - check whether mbedtls_calloc() returned NULL. + check whether mbedtls_calloc() returned NULL. Found and reported by + Haruto Kimura (Stella). diff --git a/ChangeLog.d/inet_pton.txt b/ChangeLog.d/inet_pton.txt index 22e6806556..73b9aa6b19 100644 --- a/ChangeLog.d/inet_pton.txt +++ b/ChangeLog.d/inet_pton.txt @@ -2,4 +2,4 @@ Security * Fix a limited buffer underflow in x509_inet_pton_ipv6(). In rare cases (e.g. on platforms with memory protection when the overread crosses page boundary) this could lead to DoS. Found and reported by Haruto Kimura - (Stella). + (Stella). CVE-2026-25833
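Review bot: In ChangeLog.d/fix-null-pointer-dereference.txt, the entry gains a reporter credit but still does not state the impact of the NULL dereference in mbedtls_x509_string_to_names(). The inet_pton.txt entry in the same patch says what the bug can lead to ("this could lead to DoS"). Consider adding one clause on the consequence of the failed mbedtls_calloc() path so that users can judge the urgency of upgrading. If a CVE ID has been assigned to this issue, add it here in the same form used in inet_pton.txt.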
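Review bot: In ChangeLog.d/inet_pton.txt, the new last line appends the CVE ID as a bare token after the credit sentence ("(Stella). CVE-2026-25833"), with no verb and no closing punctuation. It reads as a stray fragment and is easy to lose when entries are merged into the main ChangeLog. Consider writing it as its own sentence, for example "Fixes CVE-2026-25833.", or otherwise matching how CVE IDs are written in existing Security entries. Separately, the unchanged context describes the bug as a "buffer underflow" and then refers to "the overread" in the parenthetical. Using one term for the out-of-bounds read (for example "buffer under-read") would make clear that this is a read before the start of the buffer and not a write.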