diff --git a/debian/changelog b/debian/changelog
index f03e093c4..7f2095648 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-linux (3.13.8-1) UNRELEASED; urgency=medium
+linux (3.13.9-1) UNRELEASED; urgency=medium
 
   * New upstream stable update:
     http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.8
@@ -25,6 +25,21 @@ linux (3.13.8-1) UNRELEASED; urgency=medium
     - KVM: MMU: handle invalid root_hpa at __direct_map
     - [x86] KVM: x86: handle invalid root_hpa everywhere
     - KVM: VMX: fix use after free of vmx->loaded_vmcs
+    http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.9
+    - ext4: atomically set inode->i_flags in ext4_set_inode_flags()
+    - rcuwalk: recheck mount_lock after mountpoint crossing attempts
+    - Input: mousedev - fix race when creating mixed device
+    - xen/balloon: flush persistent kmaps in correct position
+    - Revert "xen: properly account for _PAGE_NUMA during xen pte translations"
+      (regression in 3.13.5)
+    - drm/i915: Undo gtt scratch pte unmapping again (regression in 3.12)
+    - [i386/486] fix boot on uniprocessor systems
+    - random32: avoid attempt to late reseed if in the middle of seeding
+    - rcuwalk: switch mnt_hash to hlist
+    - mm: close PageTail race
+    - cgroup: protect modifications to cgroup_idr with cgroup_mutex
+    - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
+      (CVE-2014-2523)
 
   [ Ben Hutchings ]
   * vhost: fix total length when packets are too short (CVE-2014-0077)