diff --git a/debian/changelog b/debian/changelog index 46d6deb1d..64e1df671 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -linux (4.16.6-1) UNRELEASED; urgency=medium +linux (4.16.7-1) UNRELEASED; urgency=medium TODO: deal with ABI changes or bump ABI 
@@ -88,6 +88,107 @@ linux (4.16.6-1) UNRELEASED; urgency=medium - [s390x] cpum_cf: rename IBM z13/z14 counter names - kprobes: Fix random address output of blacklist file - ACPI / video: Only default only_lcd to true on Win8-ready _desktops_ + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.7 + - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS + - ext4: set h_journal if there is a failure starting a reserved handle + - ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs + - random: set up the NUMA crng instances after the CRNG is fully + initialized + - random: fix possible sleeping allocation from irq context + - random: rate limit unseeded randomness warnings + - usbip: usbip_event: fix to not print kernel pointer address + - usbip: usbip_host: fix to hold parent lock for device_attach() calls + - usbip: vhci_hcd: Fix usb device and sockfd leaks + - usbip: vhci_hcd: check rhport before using in vhci_hub_control() + - Revert "xhci: plat: Register shutdown for xhci_plat" + - xhci: Fix USB ports for Dell Inspiron 5775 + - USB: serial: simple: add libtransistor console + - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster + - USB: serial: cp210x: add ID for NI USB serial console + - [arm64] serial: mvebu-uart: Fix local flags handling on termios update + - usb: typec: ucsi: Increase command completion timeout value + - usb: core: Add quirk for HP v222w 16GB Mini + - USB: Increment wakeup count on remote wakeup. 
+ - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio + - virtio: add ability to iterate over vqs + - virtio_console: don't tie bufs to a vq + - virtio_console: free buffers after reset + - virtio_console: drop custom control queue cleanup + - virtio_console: move removal code + - virtio_console: reset on out of memory + - drm/virtio: fix vq wait_event condition + - tty: Don't call panic() at tty_ldisc_init() + - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode + - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set + - tty: Avoid possible error pointer dereference at tty_ldisc_restore(). + - tty: Use __GFP_NOFAIL for tty_ldisc_get() + - ALSA: dice: fix OUI for TC group + - ALSA: dice: fix error path to destroy initialized stream data + - ALSA: hda - Skip jack and others for non-existing PCM streams + - ALSA: opl3: Hardening for potential Spectre v1 + - ALSA: asihpi: Hardening for potential Spectre v1 + - ALSA: hdspm: Hardening for potential Spectre v1 + - ALSA: rme9652: Hardening for potential Spectre v1 + - ALSA: control: Hardening for potential Spectre v1 + - ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY. + - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr + - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device + - ALSA: seq: oss: Hardening for potential Spectre v1 + - ALSA: hda: Hardening for potential Spectre v1 + - ALSA: hda/realtek - Add some fixes for ALC233 + - ALSA: hda/realtek - Update ALC255 depop optimize + - ALSA: hda/realtek - change the location for one of two front mics + - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic + - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. + - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. + - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. 
+ - mtd: rawnand: tango: Fix struct clk memory leak + - mtd: rawnand: marvell: fix the chip-select DT parsing logic + - kobject: don't use WARN for registration failures + - scsi: sd_zbc: Avoid that resetting a zone fails sporadically + - scsi: sd: Defer spinning up drive while SANITIZE is in progress + - blk-mq: start request gstate with gen 1 + - bfq-iosched: ensure to clear bic/bfqq pointers when preparing request + - block: do not use interruptible wait anywhere + - [s390x] vfio: ccw: process ssch with interrupts disabled + - [arm64] PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf() + - [arm64] PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf() + - [arm64] PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq + mode + - [arm64] PCI: aardvark: Fix PCIe Max Read Request Size setting + - [armhf,arm64] KVM: Close VMID generation race + - [powerpc*] mm: Flush cache on memory hot(un)plug + - [powerpc*] mce: Fix a bug where mce loops on memory UE. + - [powerpc*] powernv/npu: Do a PID GPU TLB flush when invalidating a large + address range + - crypto: drbg - set freed buffers to NULL + - libceph: un-backoff on tick when we have a authenticated session + - libceph: reschedule a tick in finish_hunting() + - libceph: validate con->state at the top of try_write() + - PCI / PM: Do not clear state_saved in pci_pm_freeze() when smart suspend + is set + - module: Fix display of wrong module .text address + - earlycon: Use a pointer table to fix __earlycon_table stride + - [powerpc*] cpufreq: powernv: Fix hardlockup due to synchronous smp_call + in timer interrupt + - [powerpc*] rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops + - drm/edid: Reset more of the display info + - drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders + - [x86] drm/i915/fbdev: Enable late fbdev initial configuration + - [x86] drm/i915/audio: set minimum CD clock to twice the BCLK + - [x86] drm/i915: Enable display WA#1183 from its correct spot + - drm/amd/display: 
Fix deadlock when flushing irq + - drm/amd/display: Don't read EDID in atomic_check + - drm/amd/display: Disallow enabling CRTC without primary plane with FB + - objtool, perf: Fix GCC 8 -Wrestrict error + - [x86] ipc: Fix x32 version of shmid64_ds and msqid64_ds + - [x86] smpboot: Don't use mwait_play_dead() on AMD systems + - [x86] microcode/intel: Save microcode patch unconditionally + - [x86] microcode: Do not exit early from __reload_late() + - tick/sched: Do not mess with an enqueued hrtimer + - [x86] crypto: ccp - add check to get PSP master only when PSP is + detected + - [armhf,arm64] KVM: Add PSCI version selection API [ Romain Perier ] * [armhf] DRM: Enable DW_HDMI_AHB_AUDIO and DW_HDMI_CEC (Closes: #897204) diff --git a/debian/patches/bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch b/debian/patches/bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch deleted file mode 100644 index b7f943954..000000000 --- a/debian/patches/bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch +++ /dev/null 
@@ -1,96 +0,0 @@ -From: Theodore Ts'o -Date: Mon, 26 Mar 2018 23:54:10 -0400 -Subject: ext4: add validity checks for bitmap block numbers -Origin: https://git.kernel.org/linus/7dac4a1726a9c64a517d595c40e95e2d0d135f6f -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-1093 - -An privileged attacker can cause a crash by mounting a crafted ext4 -image which triggers a out-of-bounds read in the function -ext4_valid_block_bitmap() in fs/ext4/balloc.c. - -This issue has been assigned CVE-2018-1093. - -BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199181 -BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1560782 -Reported-by: Wen Xu -Signed-off-by: Theodore Ts'o -Cc: stable@vger.kernel.org ---- - fs/ext4/balloc.c | 16 ++++++++++++++-- - fs/ext4/ialloc.c | 7 +++++++ - 2 files changed, 21 insertions(+), 2 deletions(-) - ---- a/fs/ext4/balloc.c -+++ b/fs/ext4/balloc.c -@@ -338,20 +338,25 @@ static ext4_fsblk_t ext4_valid_block_bit - /* check whether block bitmap block number is set */ - blk = ext4_block_bitmap(sb, desc); - offset = blk - group_first_block; -- if (!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) -+ if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || -+ !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) - /* bad block bitmap */ - return blk; - - /* check whether the inode bitmap block number is set */ - blk = ext4_inode_bitmap(sb, desc); - offset = blk - group_first_block; -- if (!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) -+ if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || -+ !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) - /* bad block bitmap */ - return blk; - - /* check whether the inode table block number is set */ - blk = ext4_inode_table(sb, desc); - offset = blk - group_first_block; -+ if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || -+ EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= sb->s_blocksize) -+ return blk; - next_zero_bit = ext4_find_next_zero_bit(bh->b_data, - 
EXT4_B2C(sbi, offset + sbi->s_itb_per_group), - EXT4_B2C(sbi, offset)); -@@ -417,6 +422,7 @@ struct buffer_head * - ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group) - { - struct ext4_group_desc *desc; -+ struct ext4_sb_info *sbi = EXT4_SB(sb); - struct buffer_head *bh; - ext4_fsblk_t bitmap_blk; - int err; -@@ -425,6 +431,12 @@ ext4_read_block_bitmap_nowait(struct sup - if (!desc) - return ERR_PTR(-EFSCORRUPTED); - bitmap_blk = ext4_block_bitmap(sb, desc); -+ if ((bitmap_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) || -+ (bitmap_blk >= ext4_blocks_count(sbi->s_es))) { -+ ext4_error(sb, "Invalid block bitmap block %llu in " -+ "block_group %u", bitmap_blk, block_group); -+ return ERR_PTR(-EFSCORRUPTED); -+ } - bh = sb_getblk(sb, bitmap_blk); - if (unlikely(!bh)) { - ext4_error(sb, "Cannot get buffer for block bitmap - " ---- a/fs/ext4/ialloc.c -+++ b/fs/ext4/ialloc.c -@@ -122,6 +122,7 @@ static struct buffer_head * - ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group) - { - struct ext4_group_desc *desc; -+ struct ext4_sb_info *sbi = EXT4_SB(sb); - struct buffer_head *bh = NULL; - ext4_fsblk_t bitmap_blk; - int err; -@@ -131,6 +132,12 @@ ext4_read_inode_bitmap(struct super_bloc - return ERR_PTR(-EFSCORRUPTED); - - bitmap_blk = ext4_inode_bitmap(sb, desc); -+ if ((bitmap_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) || -+ (bitmap_blk >= ext4_blocks_count(sbi->s_es))) { -+ ext4_error(sb, "Invalid inode bitmap blk %llu in " -+ "block_group %u", bitmap_blk, block_group); -+ return ERR_PTR(-EFSCORRUPTED); -+ } - bh = sb_getblk(sb, bitmap_blk); - if (unlikely(!bh)) { - ext4_error(sb, "Cannot read inode bitmap - " diff --git a/debian/patches/bugfix/all/ext4-fix-bitmap-position-validation.patch b/debian/patches/bugfix/all/ext4-fix-bitmap-position-validation.patch deleted file mode 100644 index 14b3dab08..000000000 --- a/debian/patches/bugfix/all/ext4-fix-bitmap-position-validation.patch +++ /dev/null 
@@ -1,76 +0,0 @@ -From: Lukas Czerner -Date: Tue, 24 Apr 2018 11:31:44 -0400 -Subject: ext4: fix bitmap position validation -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=22be37acce25d66ecf6403fc8f44df9c5ded2372 - -Currently in ext4_valid_block_bitmap() we expect the bitmap to be -positioned anywhere between 0 and s_blocksize clusters, but that's -wrong because the bitmap can be placed anywhere in the block group. This -causes false positives when validating bitmaps on perfectly valid file -system layouts. Fix it by checking whether the bitmap is within the group -boundary. - -The problem can be reproduced using the following - -mkfs -t ext3 -E stride=256 /dev/vdb1 -mount /dev/vdb1 /mnt/test -cd /mnt/test -wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz -tar xf linux-4.16.3.tar.xz - -This will result in the warnings in the logs - -EXT4-fs error (device vdb1): ext4_validate_block_bitmap:399: comm tar: bg 84: block 2774529: invalid block bitmap - -[ Changed slightly for clarity and to not drop a overflow test -- TYT ] - -Signed-off-by: Lukas Czerner -Signed-off-by: Theodore Ts'o -Reported-by: Ilya Dryomov -Fixes: 7dac4a1726a9 ("ext4: add validity checks for bitmap block numbers") -Cc: stable@vger.kernel.org ---- - fs/ext4/balloc.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c -index a33d8fb1bf2a..508b905d744d 100644 ---- a/fs/ext4/balloc.c -+++ b/fs/ext4/balloc.c -@@ -321,6 +321,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, - struct ext4_sb_info *sbi = EXT4_SB(sb); - ext4_grpblk_t offset; - ext4_grpblk_t next_zero_bit; -+ ext4_grpblk_t max_bit = EXT4_CLUSTERS_PER_GROUP(sb); - ext4_fsblk_t blk; - ext4_fsblk_t group_first_block; - -@@ -338,7 +339,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, - /* check whether block bitmap block number is set */ - blk = ext4_block_bitmap(sb, desc); - offset 
= blk - group_first_block; -- if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || -+ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit || - !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) - /* bad block bitmap */ - return blk; -@@ -346,7 +347,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, - /* check whether the inode bitmap block number is set */ - blk = ext4_inode_bitmap(sb, desc); - offset = blk - group_first_block; -- if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || -+ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit || - !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) - /* bad block bitmap */ - return blk; -@@ -354,8 +355,8 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, - /* check whether the inode table block number is set */ - blk = ext4_inode_table(sb, desc); - offset = blk - group_first_block; -- if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || -- EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= sb->s_blocksize) -+ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit || -+ EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= max_bit) - return blk; - next_zero_bit = ext4_find_next_zero_bit(bh->b_data, - EXT4_B2C(sbi, offset + sbi->s_itb_per_group), diff --git a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch index 9b5b3b84f..9845511d7 100644 --- a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch +++ b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch @@ -12,21 +12,21 @@ Signed-off-by: Ben Hutchings --- --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c -@@ -2473,3 +2473,4 @@ late_initcall(init_btrfs_fs); +@@ -2500,3 +2500,4 @@ late_initcall(init_btrfs_fs); module_exit(exit_btrfs_fs) MODULE_LICENSE("GPL"); +MODULE_SOFTDEP("pre: crypto-crc32c"); --- a/fs/crypto/crypto.c 
+++ b/fs/crypto/crypto.c -@@ -614,3 +614,4 @@ static void __exit fscrypt_exit(void) +@@ -468,3 +468,4 @@ static void __exit fscrypt_exit(void) module_exit(fscrypt_exit); MODULE_LICENSE("GPL"); +MODULE_SOFTDEP("pre: crypto-aes crypto-ecb"); --- a/fs/ext4/super.c +++ b/fs/ext4/super.c -@@ -5692,5 +5692,13 @@ static void __exit ext4_exit_fs(void) +@@ -5868,6 +5868,14 @@ static void __exit ext4_exit_fs(void) MODULE_AUTHOR("Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others"); MODULE_DESCRIPTION("Fourth Extended Filesystem"); MODULE_LICENSE("GPL"); @@ -38,11 +38,12 @@ Signed-off-by: Ben Hutchings +#endif +MODULE_SOFTDEP("pre: crypto-crc32c" EXT4_ENC_EXTRA_SOFTDEPS); + + MODULE_SOFTDEP("pre: crc32c"); module_init(ext4_init_fs) module_exit(ext4_exit_fs) --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c -@@ -2244,4 +2244,5 @@ module_exit(exit_f2fs_fs) +@@ -2990,4 +2990,5 @@ module_exit(exit_f2fs_fs) MODULE_AUTHOR("Samsung Electronics's Praesto Team"); MODULE_DESCRIPTION("Flash Friendly File System"); MODULE_LICENSE("GPL"); @@ -50,7 +51,7 @@ Signed-off-by: Ben Hutchings --- a/fs/jbd2/journal.c +++ b/fs/jbd2/journal.c -@@ -2674,6 +2674,7 @@ static void __exit journal_exit(void) +@@ -2726,6 +2726,7 @@ static void __exit journal_exit(void) } MODULE_LICENSE("GPL"); @@ -60,7 +61,7 @@ Signed-off-by: Ben Hutchings --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c -@@ -1308,5 +1308,8 @@ static void __exit exit_nfsd(void) +@@ -1334,5 +1334,8 @@ static void __exit exit_nfsd(void) MODULE_AUTHOR("Olaf Kirch "); MODULE_LICENSE("GPL"); diff --git a/debian/patches/series b/debian/patches/series index e6e8a3398..4c47e7b68 100644 --- a/debian/patches/series +++ b/debian/patches/series 
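Review bot: In the refreshed fs/ext4/super.c section of this patch, the Debian-added `MODULE_SOFTDEP("pre: crypto-crc32c" EXT4_ENC_EXTRA_SOFTDEPS);` is now followed by an upstream `MODULE_SOFTDEP("pre: crc32c");` context line, so ext4 ends up with two "pre:" soft-dependency declarations for CRC32c under different aliases. The new context line presumably comes from the 4.16.7 change listed in the changelog as "ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs". The refresh only adjusts offsets and context and leaves that overlap undocumented; the patch description should state why the crypto-crc32c entry is still required for ext4, or the ext4 part should be trimmed to the EXT4_ENC_EXTRA_SOFTDEPS modules if the upstream line already covers it. The ext4 section begins in the preceding outer hunk, and the lines that define EXT4_ENC_EXTRA_SOFTDEPS are not shown in this diff.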
@@ -142,8 +142,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch debian/i386-686-pae-pci-set-pci-nobios-by-default.patch bugfix/all/xfs-enhance-dinode-verifier.patch bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch -bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch -bugfix/all/ext4-fix-bitmap-position-validation.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch