diff --git a/ChangeLog b/ChangeLog index d31dbbf02..e6d129cf8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -Changes in version 0.3.3.6 - 2018-05-?? +Changes in version 0.3.3.6 - 2018-05-22 Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It backports several important fixes from the 0.3.4.1-alpha. @@ -13,6 +13,13 @@ Changes in version 0.3.3.6 - 2018-05-?? Below are the changes since 0.3.3.5-rc. For a list of all changes since 0.3.2, see the ReleaseNotes file. + o Major bugfixes (security, directory authority, denial-of-service): + - Fix a bug that could have allowed an attacker to force a + directory authority to use up all its RAM by passing it a + maliciously crafted protocol versions string. Fixes bug 25517; + bugfix on 0.2.9.4-alpha. This issue is also tracked as + TROVE-2018-005. + o Major bugfixes (directory authorities, security, backport from 0.3.4.1-alpha): - When directory authorities read a zero-byte bandwidth file, they would previously log a warning with the contents of an diff --git a/ReleaseNotes b/ReleaseNotes index 1772288f2..d63f87ccb 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,7 +2,7 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. -Changes in version 0.3.3.6 - 2018-05-?? +Changes in version 0.3.3.6 - 2018-05-22 Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It backports several important fixes from the 0.3.4.1-alpha. 
@@ -21,6 +21,13 @@ Changes in version 0.3.3.6 - 2018-05-?? - When built with Rust, Tor now depends on version 0.2.39 of the libc crate. Closes tickets 25310 and 25664. + o Major bugfixes (security, directory authority, denial-of-service): + - Fix a bug that could have allowed an attacker to force a + directory authority to use up all its RAM by passing it a + maliciously crafted protocol versions string. Fixes bug 25517; + bugfix on 0.2.9.4-alpha. This issue is also tracked as + TROVE-2018-005. + o Major features (denial-of-service mitigation): - Give relays some defenses against the recent network overload. We start with three defenses (default parameters in parentheses). diff --git a/changes/TROVE-2018-005 b/changes/TROVE-2018-005 deleted file mode 100644 index 769c653f4..000000000 --- a/changes/TROVE-2018-005 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security, directory authority, denial-of-service): - - Fix a bug that could have allowed an attacker to force a - directory authority to use up all its RAM by passing it a - maliciously crafted protocol versions string. Fixes bug 25517; - bugfix on 0.2.9.4-alpha. This issue is also tracked as - TROVE-2018-005.
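Review bot: In the second ChangeLog hunk, the new heading reads "(security, directory authority, denial-of-service)" while the section directly below it reads "(directory authorities, security, backport from 0.3.4.1-alpha)", so the two adjacent security headings differ in both wording (singular vs. plural) and tag order. Suggest aligning them, e.g. "Major bugfixes (security, directory authorities, denial-of-service):". The entry also carries no backport tag although the release summary says 0.3.3.6 backports fixes from 0.3.4.1-alpha. If this fix also exists on that branch, label it the same way as its neighbour. If it is new in this release, no change is needed there.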
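Review bot: In the second ReleaseNotes hunk, the TROVE-2018-005 entry is inserted between the libc crate item and the "Major features (denial-of-service mitigation)" heading, so a "Major bugfixes" section now sits ahead of "Major features", whereas in ChangeLog the same entry sits directly above another "Major bugfixes" section. Please confirm the ordering is deliberate (surfacing the security fix first). If it is not, move the entry next to the other major bugfixes so both files group it the same way. The entry text itself matches the deleted changes/TROVE-2018-005 file line for line, which is what we want.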