diff --git a/ChangeLog b/ChangeLog
index 8729c87e2..ad773c73a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,8 @@ Features
 Bugfix
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
      as recommended in RFC 6347 Section 4.1.2.7.
+   * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
+     Found by projectgus and jethrogb, #836.
 
 = mbed TLS 2.6.0 branch released 2017-08-10
 
@@ -198,8 +200,6 @@ Security
      team. #569 CVE-2017-2784
 
 Bugfix
-   * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
-     Found by jethrogb, #836.
    * Fix output certificate verification flags set by x509_crt_verify_top() when
      traversing a chain of trusted CA. The issue would cause both flags,
      MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be