diff --git a/ChangeLog b/ChangeLog
index 5c2bf4c6e..c6cb0e9cb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,11 +7,7 @@ Security
      with RFC5116 and could lead to session key recovery in very long TLS
      sessions. (H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic -
      "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM in TLS")
-   * Fix potential stack corruption in mbedtls_x509write_crt_der() and
-     mbedtls_x509write_csr_der() when the signature is copied to the buffer
-     without checking whether there is enough space in the destination. The
-     issue cannot be triggered remotely. (found by Jethro Beekman)
-   * Fix potential stack corruption in mbedtls_x509write_crt_der() and
+  * Fix potential stack corruption in mbedtls_x509write_crt_der() and
      mbedtls_x509write_csr_der() when the signature is copied to the buffer
      without checking whether there is enough space in the destination. The
      issue cannot be triggered remotely. (found by Jethro Beekman)
@@ -40,22 +36,6 @@ Changes
      accepting certificates with non-standard time format (that is without
      seconds or with a time zone). Patch provided by OpenVPN.
 
-Bugfix
-   * Fix an issue that caused valid certificates being rejected whenever an
-     expired or not yet valid version of the trusted certificate was before the
-     valid version in the trusted certificate list.
-   * Fix incorrect handling of block lengths in crypt_and_hash sample program,
-     when GCM is used. #441
-   * Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't
-     enabled unless others were also present. Found by David Fernandez. #428
-   * Fixed configuration of debug output in cert_app sample program.
-   * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for
-     builds where the configuration POLARSSL_PEM_WRITE_C is not defined. Found
-     by inestlerode. #559.
-   * Fix an issue that caused valid certificates being rejected whenever an
-   expired or not yet valid version of the trusted certificate was before the
-   valid version in the trusted certificate list.
-
 = mbed TLS 1.3.17 branch 2016-06-28
 
 Security