diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
index 08a0ab2708..b81fb426a7 100644
--- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
+++ b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
@@ -3,7 +3,7 @@ Security
      client, if the client-provided certificate does not have appropriate values
      in keyUsage or extKeyUsage extensions, then the return value of
      mbedtls_ssl_get_verify_result() would incorrectly have the
-     MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits
+     MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits
      clear. As a result, an attacker that had a certificate valid for uses other
      than TLS client authentication could be able to use it for TLS client
      authentication anyway. Only TLS 1.3 servers were affected, and only with