diff --git a/debian/changelog b/debian/changelog
index 9227974f5..68855db18 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -102,7 +102,7 @@ linux (4.13.9-1) UNRELEASED; urgency=medium
     - [x86] platform: fujitsu-laptop: Don't oops when FUJ02E3 is not presnt
     - PM / OPP: Call notifier without holding opp_table->lock
     - [x86] mm: Fix fault error path using unsafe vma pointer
-    - [x86] fpu: Don't let userspace set bogus xcomp_bv
+    - [x86] fpu: Don't let userspace set bogus xcomp_bv (CVE-2017-15537)
     - [x86] KVM: VMX: do not change SN bit in vmx_update_pi_irte()
     - [x86] KVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
     - [x86] KVM: VMX: use cmpxchg64
@@ -131,7 +131,7 @@ linux (4.13.9-1) UNRELEASED; urgency=medium
     - tcp: fastopen: fix on syn-data transmit failure
     - [powerpc*] net: emac: Fix napi poll list corruption
     - net: ipv6: fix regression of no RTM_DELADDR sent after DAD failure
-    - packet: hold bind lock when rebinding to fanout hook
+    - packet: hold bind lock when rebinding to fanout hook (CVE-2017-15649)
     - net: change skb->mac_header when Generic XDP calls adjust_head
     - net_sched: always reset qdisc backlog in qdisc_reset()
     - [armhf,arm64] net: stmmac: Cocci spatch "of_table"
@@ -142,7 +142,7 @@ linux (4.13.9-1) UNRELEASED; urgency=medium
     - [armhf,arm64] net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple
       vlans
     - [armhf,arm64] net: dsa: Fix network device registration order
-    - packet: in packet_do_bind, test fanout with bind_lock held
+    - packet: in packet_do_bind, test fanout with bind_lock held (CVE-2017-15649)
     - packet: only test po->has_vnet_hdr once in packet_snd
     - [armhf,arm64] net: dsa: mv88e6xxx: lock mutex when freeing IRQs
     - net: Set sk_prot_creator when cloning sockets to the right proto
@@ -291,7 +291,7 @@ linux (4.13.9-1) UNRELEASED; urgency=medium
       functions
     - [armhf,armhf] Revert "PCI: tegra: Do not allocate MSI target memory"
     - direct-io: Prevent NULL pointer access in submit_page_section
-    - fix unbalanced page refcounting in bio_map_user_iov
+    - fix unbalanced page refcounting in bio_map_user_iov (CVE-2017-12190)
     - more bio_map_user_iov() leak fixes
     - bio_copy_user_iov(): don't ignore ->iov_offset
     - perf script: Add missing separator for "-F ip,brstack" (and brstackoff)