diff --git a/ChangeLog b/ChangeLog
index 87b818532..27d36494c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,14 +36,14 @@ Bugfix
    * Fix documentation and implementation missmatch for function arguments of
      mbedtls_gcm_finish(). Found by cmiatpaar. #602
    * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558
-   * Fix missing return code check after call to mbedtls_md_setup() that could
-     result in usage of invalid md_ctx in mbedtls_rsa_rsaes_oaep_encrypt(),
-     mbedtls_rsa_rsaes_oaep_decrypt(), mbedtls_rsa_rsassa_pss_sign() and
-     mbedtls_rsa_rsassa_pss_verify_ext(). Fixed by Brian J. Murray. #502
    * Fix potential byte overread when verifying malformed SERVER_HELLO in
      ssl_parse_hello_verify_request() for DTLS. Found by Guido Vranken.
    * Fix check for validity of date when parsing in mbedtls_x509_get_time().
      Found by subramanyam-c. #626
+   * Fix missing return code check after call to mbedtls_md_setup() that could
+     result in usage of invalid md_ctx in mbedtls_rsa_rsaes_oaep_encrypt(),
+     mbedtls_rsa_rsaes_oaep_decrypt(), mbedtls_rsa_rsassa_pss_sign() and
+     mbedtls_rsa_rsassa_pss_verify_ext(). Fixed by Brian J. Murray. #502
 
 = mbed TLS 2.1.5 branch released 2016-06-28