diff --git a/CHANGELOG b/CHANGELOG index 6ee02d5a..09b503f9 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -21,8 +21,9 @@ Other changes: Fixed bugs and vulnerabilities: -- fixed out-of-bound read in parseAarePdu function (LIB61850-442)(#513) -- ACSE: fixed out-of-bounds read in parseAarqPdu function (LIB61850-441)(#512) +- Vulnerability: fixed potential stack buffer overflow in MMS client identity service and other services (LIB61850-447) +- Vulnerability: fixed out-of-bound read in parseAarePdu function (LIB61850-442)(#513) +- Vulnerability: ACSE: fixed out-of-bounds read in parseAarqPdu function (LIB61850-441)(#512) - GOOSE receiver: added additional length and plausibility checks to fix #509 - MmsValue_decodeMmsData: add support for empty visible-string, mms-string, and octet-string values (#506) - MMS client: fixed - getNameList task can get stuck in while loop when message cannot be sent (LIB61850-347) @@ -33,7 +34,7 @@ Fixed bugs and vulnerabilities: - MMS server: fixed - server is sending data set response larger than negotiated MMS PDU size (LIB61850-435) - fixed - potential race condition when using IedConnection_installReportHandler and IedConnection_uninstallReportHandler - fixed - IEC 61580 server: dataset is not released when RCB.Datset is set to empty string by client (LIB61850-425) -- MMS client: fixed - parsing of servicecsSupported in MMS init response is off by one (LIB61850-419)(#469) +- Vulnerability: MMS client: fixed - parsing of servicecsSupported in MMS init response is off by one (LIB61850-419)(#469)
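Review bot: The new LIB61850-447 entry in the first hunk says "MMS client identity service and other services" without naming the other services, so a reader cannot tell which client calls are affected by the stack buffer overflow; list them or name the shared code path that was fixed. The two re-tagged lines under it are also inconsistent with each other: one reads "out-of-bound read" and the other "out-of-bounds read", and only the parseAarqPdu line carries the "ACSE:" component prefix. Since both lines are rewritten here anyway, align the wording and add the component prefix to the parseAarePdu line if it belongs to the same component. The GOOSE receiver entry for #509 in the context adds length and plausibility checks but stays untagged; confirm whether it should get the "Vulnerability:" prefix as well.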
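Review bot: The re-tagged LIB61850-419 line in the second hunk still spells the field "servicecsSupported"; fix the typo while the line is being touched. Its format, "Vulnerability: MMS client: fixed - parsing ...", also differs from the first hunk's "Vulnerability: fixed ..." entries, so pick one pattern to keep the tag easy to search for. The entry does not say what the off-by-one leads to, and a short phrase stating the consequence would justify the new tag. In the unchanged context of this hunk, "IEC 61580 server" and "RCB.Datset" look like typos for "IEC 61850" and "RCB.DatSet" and could be corrected in the same change.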