diff --git a/debian/changelog b/debian/changelog
index 062777f15..a849553bc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-linux (4.14.11-1) UNRELEASED; urgency=medium
+linux (4.14.12-1) UNRELEASED; urgency=medium
 
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
@@ -38,6 +38,15 @@ linux (4.14.11-1) UNRELEASED; urgency=medium
       (CVE-2017-15129)
   * [amd64] Implement Kernel Page Table Isolation (KPTI, aka KAISER)
     (CVE-2017-5754)
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.12
+    - exec: Weaken dumpability for secureexec
+    - capabilities: fix buffer overread on very short xattr
+    - x86/cpu, x86/pti: Do not enable PTI on AMD processors
+    - x86/pti: Make sure the user/kernel PTEs match
+    - x86/dumpstack: Fix partial register dumps
+    - x86/dumpstack: Print registers for first stack frame
+    - x86/pti: Switch to kernel CR3 at early in entry_SYSCALL_compat()
+    - x86/process: Define cpu_tss_rw in same section as declaration
 
   [ Ben Hutchings ]
   * e1000e: Fix e1000_check_for_copper_link_ich8lan return value.