diff --git a/debian/changelog b/debian/changelog
index dde3cba8a..4b06cf636 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-linux (3.9.7-1) UNRELEASED; urgency=low
+linux (3.9.8-1) UNRELEASED; urgency=low
 
   * New upstream stable update:
     http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.9.7
@@ -18,11 +18,42 @@ linux (3.9.7-1) UNRELEASED; urgency=low
     - USB: pl2303: fix device initialisation at open
     - USB: f81232: fix device initialisation at open
     - USB: spcp8x5: fix device initialisation at open
+  * New upstream stable update:
+    http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.9.8
+    - ARM: 7752/1: errata: LoUIS bit field in CLIDR register is incorrect
+    - clk: remove notifier from list before freeing it
+    - [hppa] make interrupt and interruption stack allocation reentrant
+    - ACPI / dock: Take ACPI scan lock in write_undock()
+    - net: fec: fix kernel oops when plug/unplug cable many times
+    - tcp: fix tcp_md5_hash_skb_data()
+    - net/802/mrp: fix lockdep splat
+    - ipv6: fix possible crashes in ip6_cork_release()
+    - r8169: fix offloaded tx checksum for small packets.
+    - xfrm: properly handle invalid states as an error
+    - ip_tunnel: fix kernel panic with icmp_dest_unreach
+    - net: Block MSG_CMSG_COMPAT in send(m)msg and recv(m)msg
+    - net: force a reload of first item in hlist_nulls_for_each_entry_rcu
+    - vhost_net: clear msg.control for non-zerocopy case during tx
+    - net: sctp: fix NULL pointer dereference in socket destruction
+    - team: check return value of team_get_port_by_index_rcu() for NULL
+    - team: move add to port list before port enablement
+    - l2tp: Fix PPP header erasure and memory leak
+    - sctp: fully initialize sctp_outq in sctp_outq_init
+    - macvtap: set transport header before passing skb to lower device
+    - tuntap: set transport header before passing it to kernel
+    - packet: set transport header before doing xmit
+    - netback: set transport header before passing it to kernel
+    - net_sched: better precise estimation on packet length for untrusted
+      packets
+    - firmware loader: fix use-after-free by double abort
+    - target/iscsi: don't corrupt bh_count in iscsit_stop_time2retain_timer()
+    - rbd: use the correct length for format 2 object names
+    - perf: Fix perf mmap bugs
+    - perf: Fix mmap() accounting hole
 
   [ Ben Hutchings ]
   * yama: Disable ptrace restrictions by default, and change boot message
     to indicate this (Closes: #712740)
-  * [x86] efi: Fix dummy variable buffer allocation
   * fanotify: info leak in copy_event_to_user() (CVE-2013-2148)
   * drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (CVE-2013-2164)
   * block: do not pass disk names as format strings (CVE-2013-2851)
diff --git a/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch b/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch
index 1299e58cd..addbdca48 100644
--- a/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch
+++ b/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch
@@ -19,7 +19,7 @@ removed in later patches.
 
 --- a/drivers/base/firmware_class.c
 +++ b/drivers/base/firmware_class.c
-@@ -604,14 +604,23 @@ static ssize_t firmware_loading_store(st
+@@ -619,14 +619,23 @@ static ssize_t firmware_loading_store(st
  			 * is completed.
  			 * */
  			fw_map_pages_buf(fw_buf);
@@ -45,17 +45,17 @@ removed in later patches.
  		fw_load_abort(fw_priv);
  		break;
  	}
-@@ -781,6 +790,9 @@ static void firmware_class_timeout_work(
- 		mutex_unlock(&fw_lock);
- 		return;
- 	}
+@@ -792,6 +801,9 @@ static void firmware_class_timeout_work(
+ 			struct firmware_priv, timeout_work.work);
+ 
+ 	mutex_lock(&fw_lock);
 +	dev_err(fw_priv->dev.parent,
 +		"firmware: agent did not handle request for %s\n",
 +		fw_priv->buf->fw_id);
  	fw_load_abort(fw_priv);
  	mutex_unlock(&fw_lock);
  }
-@@ -832,25 +844,28 @@ static int _request_firmware_load(struct
+@@ -843,25 +855,28 @@ static int _request_firmware_load(struct
  
  	retval = device_add(f_dev);
  	if (retval) {
@@ -88,7 +88,7 @@ removed in later patches.
  		if (timeout != MAX_SCHEDULE_TIMEOUT)
  			schedule_delayed_work(&fw_priv->timeout_work, timeout);
  
-@@ -940,7 +955,8 @@ _request_firmware_prepare(struct firmwar
+@@ -949,7 +964,8 @@ _request_firmware_prepare(struct firmwar
  	}
  
  	if (fw_get_builtin_firmware(firmware, name)) {
@@ -98,7 +98,7 @@ removed in later patches.
  		return 0; /* assigned */
  	}
  
-@@ -970,9 +986,16 @@ static int assign_firmware_buf(struct fi
+@@ -979,9 +995,16 @@ static int assign_firmware_buf(struct fi
  	struct firmware_buf *buf = fw->priv;
  
  	mutex_lock(&fw_lock);
@@ -116,7 +116,7 @@ removed in later patches.
  	}
  
  	/*
-@@ -1021,7 +1044,7 @@ _request_firmware(const struct firmware
+@@ -1030,7 +1053,7 @@ _request_firmware(const struct firmware
  	if (nowait) {
  		timeout = usermodehelper_read_lock_wait(timeout);
  		if (!timeout) {
@@ -125,7 +125,7 @@ removed in later patches.
  				name);
  			ret = -EBUSY;
  			goto out;
-@@ -1047,6 +1070,9 @@ _request_firmware(const struct firmware
+@@ -1056,6 +1079,9 @@ _request_firmware(const struct firmware
  	if (ret < 0) {
  		release_firmware(fw);
  		fw = NULL;
diff --git a/debian/patches/bugfix/x86/x86-efi-Fix-dummy-variable-buffer-allocation.patch b/debian/patches/bugfix/x86/x86-efi-Fix-dummy-variable-buffer-allocation.patch
deleted file mode 100644
index f42bc64be..000000000
--- a/debian/patches/bugfix/x86/x86-efi-Fix-dummy-variable-buffer-allocation.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From: Ben Hutchings <ben@decadent.org.uk>
-Date: Sun, 16 Jun 2013 21:27:12 +0100
-Subject: x86/efi: Fix dummy variable buffer allocation
-
-commit b8cb62f82103083a6e8fa5470bfe634a2c06514d upstream.
-
-1. Check for allocation failure
-2. Clear the buffer contents, as they may actually be written to flash
-3. Don't leak the buffer
-
-Compile-tested only.
-
-[ Tested successfully on my buggy ASUS machine - Matt ]
-
-Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-Signed-off-by: Matt Fleming <matt.fleming@intel.com>
----
- arch/x86/platform/efi/efi.c |    7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
---- a/arch/x86/platform/efi/efi.c
-+++ b/arch/x86/platform/efi/efi.c
-@@ -1074,7 +1074,10 @@ efi_status_t efi_query_variable_store(u3
- 		 * that by attempting to use more space than is available.
- 		 */
- 		unsigned long dummy_size = remaining_size + 1024;
--		void *dummy = kmalloc(dummy_size, GFP_ATOMIC);
-+		void *dummy = kzalloc(dummy_size, GFP_ATOMIC);
-+
-+		if (!dummy)
-+			return EFI_OUT_OF_RESOURCES;
- 
- 		status = efi.set_variable(efi_dummy_name, &EFI_DUMMY_GUID,
- 					  EFI_VARIABLE_NON_VOLATILE |
-@@ -1094,6 +1097,8 @@ efi_status_t efi_query_variable_store(u3
- 					 0, dummy);
- 		}
- 
-+		kfree(dummy);
-+
- 		/*
- 		 * The runtime code may now have triggered a garbage collection
- 		 * run, so check the variable info again
diff --git a/debian/patches/series b/debian/patches/series
index 7625cb074..66c60775f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -107,7 +107,6 @@ features/arm/0001-ARM-mvebu-Add-thermal-support-to-Armada-XP-device-tr.patch
 bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch
 debian/powerpc-machdep-avoid-abi-change-in-3.9.6.patch
 debian/yama-disable-by-default.patch
-bugfix/x86/x86-efi-Fix-dummy-variable-buffer-allocation.patch
 bugfix/all/fanotify-info-leak-in-copy_event_to_user.patch
 bugfix/all/drivers-cdrom-cdrom.c-use-kzalloc-for-failing-hardwa.patch
 bugfix/all/block-do-not-pass-disk-names-as-format-strings.patch