Fix indentation in the Changelog

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
diff --git a/ChangeLog b/ChangeLog
index 31b2c15..079661d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -41,15 +41,15 @@
      curves and no longer needs to be configured explicitly to save RAM.
 
 Security
-* Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM)
-  private keys and of blinding values for DHM and elliptic curves (ECP)
-  computations. Reported by FlorianF89 in #4245.
-* Fix a potential side channel vulnerability in ECDSA ephemeral key generation.
-  An adversary who is capable of very precise timing measurements could
-  learn partial information about the leading bits of the nonce used for the
-  signature, allowing the recovery of the private key after observing a
-  large number of signature operations. This completes a partial fix in
-  Mbed TLS 2.20.0.
+   * Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM)
+     private keys and of blinding values for DHM and elliptic curves (ECP)
+     computations. Reported by FlorianF89 in #4245.
+   * Fix a potential side channel vulnerability in ECDSA ephemeral key generation.
+     An adversary who is capable of very precise timing measurements could
+     learn partial information about the leading bits of the nonce used for the
+     signature, allowing the recovery of the private key after observing a
+     large number of signature operations. This completes a partial fix in
+     Mbed TLS 2.20.0.
    * It was possible to configure MBEDTLS_ECP_MAX_BITS to a value that is
      too small, leading to buffer overflows in ECC operations. Fail the build
      in such a case.