diff --git a/ChangeLog b/ChangeLog
index 42a74e126..e8d1da5c9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,22 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date)
 
 = mbed TLS x.x.x branch released xxxx-xx-xx
 
-Bugfix
-   * Add a check if iv_len is zero, and return an error if it is zero. reported
-     by roberto. #716
-   * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
-     to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
-     always be implemented by pthread support. Fix for #696
-   * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path.
-     In case of failure, when an error occures, goto cleanup.
-     Found by redplait #590
-   * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
-     Reported and fix suggested by guidovranken in #740
-   * Fix a potential integer overflow in the version verification for DER
-     encoded X509 CRLs. The overflow would enable maliciously constructed CRLs
-     to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
-     KNOX Security, Samsung Research America
-
 Features
    * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown()
      and the context struct mbedtls_platform_context to perform
@@ -46,10 +30,17 @@ Bugfix
      Reported and fix suggested by guidovranken in #740
    * Fix conditional preprocessor directives in bignum.h to enable 64-bit
      compilation when using ARM Compiler 6.
+   * Fix a potential integer overflow in the version verification for DER
+     encoded X509 CRLs. The overflow would enable maliciously constructed CRLs
+     to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
+     KNOX Security, Samsung Research America
    * Fix potential integer overflow in the version verification for DER
      encoded X509 CSRs. The overflow would enable maliciously constructed CSRs
      to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
      KNOX Security, Samsung Research America
+   * Fix a potential integer overflow in the version verification for DER
+     encoded X509 certificates. The overflow would enable maliciously
+     constructed certificates to bypass the certificate verification check.
 
 Changes
    * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of
@@ -216,9 +207,6 @@ Bugfix
      digits. Found and fixed by Guido Vranken.
    * Fix unlisted DES configuration dependency in some pkparse test cases. Found
      by inestlerode. #555
-   * Fix a potential integer overflow in the version verification for DER
-     encoded X509 certificates. The overflow would enable maliciously
-     constructed certificates to bypass the certificate verification check.
 
 = mbed TLS 2.4.1 branch released 2016-12-13