diff --git a/ChangeLog b/ChangeLog index 92410a373..00a771ed5 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,24 +3,25 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 1.3.x branch 2016-xx-xx Security - * Remove MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant - with RFC5116 and could lead to session key recovery in very long TLS - sessions. (H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic - - "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in TLS") - * Fix potential stack corruption in mbedtls_x509write_crt_der() and + * Removed the MBEDTLS_SSL_AEAD_RANDOM_IV option, because it was not compliant + with RFC-5116 and could lead to session key recovery in very long TLS + sessions. "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in + TLS" - H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic. + https://eprint.iacr.org/2016/475.pdf + * Fixed potential stack corruption in mbedtls_x509write_crt_der() and mbedtls_x509write_csr_der() when the signature is copied to the buffer without checking whether there is enough space in the destination. The - issue cannot be triggered remotely. (found by Jethro Beekman) + issue cannot be triggered remotely. Found by Jethro Beekman. Bugfix * Fix an issue that caused valid certificates being rejected whenever an expired or not yet valid version of the trusted certificate was before the valid version in the trusted certificate list. - * Fix incorrect handling of block lengths in crypt_and_hash sample program, - when GCM is used. #441 + * Fix incorrect handling of block lengths in crypt_and_hash.c sample program, + when GCM is used. Found by udf2457. #441 * Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't enabled unless others were also present. Found by David Fernandez. #428 - * Fixed cert_app sample program for debug output and for use when no root + * Fixed cert_app.c sample program for debug output and for use when no root certificates are provided. * Fix conditional statement that would cause a 1 byte overread in mbedtls_asn1_get_int(). 
Found and fixed by Guido Vranken. #599 @@ -36,9 +37,9 @@ Bugfix rsa_rsassa_pss_verify_ext(). Fixed by Brian J. Murray. #502 Changes - * Add compile time option for relaxed X509 time verification to enable + * Add compile time option for relaxed X.509 time verification to enable accepting certificates with non-standard time format (that is without - seconds or with a time zone). Patch provided by OpenVPN. + seconds or with a time zone). Patch provided by James Yonan of OpenVPN. = mbed TLS 1.3.17 branch 2016-06-28
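Review bot: In the first hunk (@@ -3,24 +3,25 @@), the MBEDTLS_SSL_AEAD_RANDOM_IV entry's "could lead to session key recovery" does not match the attack the cited paper describes; its own title, "Practical Forgery Attacks on GCM in TLS", is about forgery, and what a repeated GCM nonce leaks is the GHASH authentication key, not the TLS session key. Suggest rewording the `+` line to "with RFC 5116 and, through nonce repetition in long sessions, could allow recovery of the GCM authentication key and forgery of records." The same hunk also leaves the verb tense inconsistent: the two Security entries are changed to "Removed the ..." and "Fixed potential ...", while the Bugfix entries directly below keep "Fix an issue", "Fix incorrect handling" and "Fix for key exchanges"; pick one form for the whole release block. Minor: "RFC-5116" should be "RFC 5116", the form used elsewhere in the file.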
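Review bot: In the second hunk (@@ -36,9 +37,9 @@), the "relaxed X.509 time verification" entry still never names the compile-time option it introduces, so a reader of the ChangeLog cannot find the macro in config.h; add the option name to the `+` line (for example "Add compile time option <MACRO_NAME> for relaxed X.509 time verification ..."), and state whether it is disabled by default, since enabling it accepts certificate validity times that do not follow the standard format and therefore weakens validity checking. The attribution change to "James Yonan of OpenVPN" is fine.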