diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
index 75fbb6cc1..b81fb426a 100644
--- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
+++ b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
@@ -1,9 +1,9 @@
 Security
    * With TLS 1.3, when a server enables optional authentication of the
      client, if the client-provided certificate does not have appropriate values
-     in if keyUsage or extKeyUsage extensions, then the return value of
+     in keyUsage or extKeyUsage extensions, then the return value of
      mbedtls_ssl_get_verify_result() would incorrectly have the
-     MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits
+     MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits
      clear. As a result, an attacker that had a certificate valid for uses other
      than TLS client authentication could be able to use it for TLS client
      authentication anyway. Only TLS 1.3 servers were affected, and only with
diff --git a/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt b/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt
new file mode 100644
index 000000000..dba25af61
--- /dev/null
+++ b/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt
@@ -0,0 +1,3 @@
+Bugfix
+   * Fix a memory leak that could occur when failing to process an RSA
+     key through some PSA functions due to low memory conditions.