diff --git a/ChangeLog.d/padding-ct-changelog.txt b/ChangeLog.d/padding-ct-changelog.txt new file mode 100644 index 000000000..e3d3424a9 --- /dev/null +++ b/ChangeLog.d/padding-ct-changelog.txt @@ -0,0 +1,6 @@ +Security + * Improve padding calculations in CBC decryption, NIST key unwrapping and + RSA OAEP decryption. With the previous implementation, some compilers + (notably recent versions of Clang) could produce non-constant time code, + which could allow a padding oracle attack if the attacker has access to + precise timing measurements.
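Review bot: The new Security entry does not say which public functions are affected, which Clang versions were observed to emit the branchy code, or how the padding checks were made constant-time, and it carries no reference to a tracking issue or advisory; without those, a downstream user cannot tell from the ChangeLog whether their build is exposed or which release fixed it. Suggest naming the affected operations concretely (for example the specific CBC decryption, key-unwrap and OAEP entry points rather than "padding calculations"), stating the Clang versions that were confirmed to produce non-constant-time code, and appending the issue number or reporter credit if one exists, following the usual Mbed TLS ChangeLog.d convention. "NIST key unwrapping" is also ambiguous about which mode is meant; spell out the padded variant that actually performs a padding check. Finally, "if the attacker has access to precise timing measurements" would read more precisely as a statement of the threat model, e.g. an attacker able to measure decryption time locally or over a low-noise channel.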