diff --git a/ChangeLog.d/pem-integer-underflow.txt b/ChangeLog.d/pem-integer-underflow.txt new file mode 100644 index 0000000000..77274aa279 --- /dev/null +++ b/ChangeLog.d/pem-integer-underflow.txt @@ -0,0 +1,5 @@ +Security + * Fix an integer underflow that could occur when parsing malformed PEM + keys, which could be used by an attacker capable of feeding encrypted + PEM keys to a user. This could cause a crash or information disclosure. + Found and reported by Linh Le and Ngan Nguyen from Calif.
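Review bot: In the new ChangeLog entry, "an attacker capable of feeding encrypted PEM keys to a user" does not say which parsing entry points or build configurations are affected, so a reader cannot judge their exposure from this text alone. Suggest naming the affected module or functions and rewording "to a user" along the lines of "to an application that parses them", since the risk lies with code that parses untrusted PEM input. The entry also says "malformed PEM keys" in the first clause and "encrypted PEM keys" in the second; state once whether only encrypted PEM input reaches the faulty length calculation. "Crash or information disclosure" would be easier to act on if it said that the underflow leads to an out-of-bounds read, if that is the case. If an advisory or CVE identifier has been assigned, reference it in the entry.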