diff --git a/debian/changelog b/debian/changelog
index 2c0111bdb..1385a49dc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -41,6 +41,7 @@ linux (3.16.7-ckt2-1) UNRELEASED; urgency=medium
     - [x86] intel_pstate: Correct BYT VID values.
     - [x86] kvm: don't kill guest on unknown exit reason
     - kvm: fix excessive pages un-pinning in kvm_iommu_map error path.
+      (CVE-2014-8369)
     - vfs: be careful with nd->inode in path_init() and follow_dotdot_rcu()
     - pstore: Fix duplicate {console,ftrace}-efi entries
     - [x86] bpf_jit: fix two bugs in eBPF JIT compiler (regression in 3.16)
@@ -202,7 +203,7 @@ linux (3.16.7-ckt2-1) UNRELEASED; urgency=medium
     - NFSv4: Ensure that we call FREE_STATEID when NFSv4.x stateids are revoked
     - NFS: Don't try to reclaim delegation open state if recovery failed
     - [arm64] efi: Fix stub cache maintenance
-    - [arm64] __clear_user: handle exceptions on strb
+    - [arm64] __clear_user: handle exceptions on strb (CVE-2014-7843)
     - [arm64] Correct the race condition in aarch64_insn_patch_text_sync()
     - Fix thinko in iov_iter_single_seg_count
     - libceph: do not crash on large auth tickets
@@ -213,7 +214,7 @@ linux (3.16.7-ckt2-1) UNRELEASED; urgency=medium
       (regression in 3.13)
     - vxlan: Do not reuse sockets for a different address family
     - net: sctp: fix NULL pointer dereference in af->from_addr_param on
-      malformed packet
+      malformed packet (CVE-2014-7841)
     - net: sctp: fix memory leak in auth key management
     - [armel,m68k] ipv6: fix IPV6_PKTINFO with v4 mapped (regression in 3.15)
     - netlink: Properly unbind in error conditions. (regression in 3.16)