diff --git a/ChangeLog b/ChangeLog
index 10ea41de7..36d7ec184 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,10 @@ Bugfix
      when GCM is used. #441
    * Fix for key exchanges based on ECDH-RSA or ECDH-ECDSA which weren't
      enabled unless others were also present. Found by David Fernandez. #428
+   * Fix missing return code check after call to md_init_ctx() that could
+     result in usage of invalid md_ctx in rsa_rsaes_oaep_encrypt(),
+     rsa_rsaes_oaep_decrypt(), rsa_rsassa_pss_sign() and
+     rsa_rsassa_pss_verify_ext(). Fixed by Brian J. Murray.
 
 = mbed TLS 1.3.17 branch 2016-06-28