diff --git a/debian/arch/powerpc/defines b/debian/arch/powerpc/defines
index af2b50230..1db4d721d 100644
--- a/debian/arch/powerpc/defines
+++ b/debian/arch/powerpc/defines
@@ -10,19 +10,17 @@ kpkg-subarch: ppc
 subarches:
  vserver
 
-[image]
-
 [apus]
-depends: mkvmlinuz (>= 18)
+depends: mkvmlinuz (>= 19)
 
 [powerpc]
-depends: mkvmlinuz (>= 18)
+depends: mkvmlinuz (>= 19)
 
 [powerpc-smp]
-depends: mkvmlinuz (>= 18)
+depends: mkvmlinuz (>= 19)
 
 [powerpc-miboot]
-depends: mkvmlinuz (>= 18)
+depends: mkvmlinuz (>= 19)
 
 [powerpc64]
 kpkg-subarch: powerpc64
diff --git a/debian/changelog b/debian/changelog
index 12d24789b..3f8f1b297 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,14 +1,36 @@
 linux-2.6 (2.6.16-99experimental.1) UNRELEASED; urgency=low
 
-  [ Bastian Blank ]
   *
 
+ -- Bastian Blank <waldi@debian.org>  Fri, 14 Apr 2006 17:52:48 +0200
+
+linux-2.6 (2.6.16-7) UNRELEASED; urgency=low
+
+  [ Frederik Schüler ]
+  * Add stable release 2.6.16.3:
+    - Keys: Fix oops when adding key to non-keyring (CVE-2006-1522)
+
+  [ Bastian Blank ]
+  * Add stable release 2.6.16.4:
+    - RCU signal handling (CVE-2006-1523)
+
+  [ Sven Luther ]
+  * [powerpc] Transitioned mkvmlinuz support patch to the 2.6.16 ARCH=powerpc
+    tree. PReP is broken in 2.6.16 though.
+
   [ maximilian attems ]
-  * Unset CONFIG_SECCOMP.
+  * Add stable release 2.6.16.5:
+   - x86_64: Clean up execve
+   - x86_64: When user could have changed RIP always force IRET (CVE-2006-0744)
+  * Disable CONFIG_SECCOMP (adds useless overhead on context-switch) -
+    thanks to fs for checking abi.
 
- -- maximilian attems <maks@sternwelten.at>  Tue, 11 Apr 2006 01:07:28 +0200
+  [ Christian T. Steigies ]
+  * [m68k] update m68k patch and config to 2.6.16, temporarily disable atari
 
-linux-2.6 (2.6.16-6) UNRELEASED; urgency=low
+ -- maximilian attems <maks@sternwelten.at>  Thu, 13 Apr 2006 11:16:42 +0200
+
+linux-2.6 (2.6.16-6) unstable; urgency=medium
 
   [ Bastian Blank ]
   * Provide version infos in support package and don't longer rely on the
@@ -43,7 +65,7 @@ linux-2.6 (2.6.16-6) UNRELEASED; urgency=low
     - Fix the p4-clockmod N60 errata workaround.
     - kdump proc vmcore size oveflow fix
 
- -- Bastian Blank <waldi@debian.org>  Fri,  7 Apr 2006 22:58:17 +0200
+ -- Bastian Blank <waldi@debian.org>  Mon, 10 Apr 2006 16:09:51 +0200
 
 linux-2.6 (2.6.16-5) unstable; urgency=low
 
diff --git a/debian/patches/2.6.16.3 b/debian/patches/2.6.16.3
new file mode 100644
index 000000000..438766b15
--- /dev/null
+++ b/debian/patches/2.6.16.3
@@ -0,0 +1,27 @@
+diff --git a/security/keys/key.c b/security/keys/key.c
+index 99781b7..0e2584e 100644
+--- a/security/keys/key.c
++++ b/security/keys/key.c
+@@ -785,6 +785,10 @@ key_ref_t key_create_or_update(key_ref_t
+ 
+ 	key_check(keyring);
+ 
++	key_ref = ERR_PTR(-ENOTDIR);
++	if (keyring->type != &key_type_keyring)
++		goto error_2;
++
+ 	down_write(&keyring->sem);
+ 
+ 	/* if we're going to allocate a new key, we're going to have
+diff --git a/security/keys/keyring.c b/security/keys/keyring.c
+index d65a180..bffa924 100644
+--- a/security/keys/keyring.c
++++ b/security/keys/keyring.c
+@@ -437,6 +437,7 @@ EXPORT_SYMBOL(keyring_search);
+ /*
+  * search the given keyring only (no recursion)
+  * - keyring must be locked by caller
++ * - caller must guarantee that the keyring is a keyring
+  */
+ key_ref_t __keyring_search_one(key_ref_t keyring_ref,
+ 			       const struct key_type *ktype,
diff --git a/debian/patches/2.6.16.4 b/debian/patches/2.6.16.4
new file mode 100644
index 000000000..d134fbe5a
--- /dev/null
+++ b/debian/patches/2.6.16.4
@@ -0,0 +1,12 @@
+diff --git a/kernel/signal.c b/kernel/signal.c
+index ea15410..bc8f80b 100644
+--- a/kernel/signal.c
++++ b/kernel/signal.c
+@@ -975,7 +975,6 @@ __group_complete_signal(int sig, struct 
+ 		if (t == NULL)
+ 			/* restart balancing at this thread */
+ 			t = p->signal->curr_target = p;
+-		BUG_ON(t->tgid != p->tgid);
+ 
+ 		while (!wants_signal(sig, t)) {
+ 			t = next_thread(t);
diff --git a/debian/patches/2.6.16.5 b/debian/patches/2.6.16.5
new file mode 100644
index 000000000..78d0633c0
--- /dev/null
+++ b/debian/patches/2.6.16.5
@@ -0,0 +1,63 @@
+diff --git a/arch/x86_64/kernel/entry.S b/arch/x86_64/kernel/entry.S
+index 7c10e90..ab6e44d 100644
+--- a/arch/x86_64/kernel/entry.S
++++ b/arch/x86_64/kernel/entry.S
+@@ -180,6 +180,10 @@ rff_trace:
+  *
+  * XXX	if we had a free scratch register we could save the RSP into the stack frame
+  *      and report it properly in ps. Unfortunately we haven't.
++ *
++ * When user can change the frames always force IRET. That is because
++ * it deals with uncanonical addresses better. SYSRET has trouble
++ * with them due to bugs in both AMD and Intel CPUs.
+  */ 			 		
+ 
+ ENTRY(system_call)
+@@ -254,7 +258,10 @@ sysret_signal:
+ 	xorl %esi,%esi # oldset -> arg2
+ 	call ptregscall_common
+ 1:	movl $_TIF_NEED_RESCHED,%edi
+-	jmp sysret_check
++	/* Use IRET because user could have changed frame. This
++	   works because ptregscall_common has called FIXUP_TOP_OF_STACK. */
++	cli
++	jmp int_with_check
+ 	
+ badsys:
+ 	movq $-ENOSYS,RAX-ARGOFFSET(%rsp)
+@@ -280,7 +287,8 @@ tracesys:			 
+ 	call syscall_trace_leave
+ 	RESTORE_TOP_OF_STACK %rbx
+ 	RESTORE_REST
+-	jmp ret_from_sys_call
++	/* Use IRET because user could have changed frame */
++	jmp int_ret_from_sys_call
+ 	CFI_ENDPROC
+ 		
+ /* 
+@@ -408,25 +416,9 @@ ENTRY(stub_execve)
+ 	CFI_ADJUST_CFA_OFFSET -8
+ 	CFI_REGISTER rip, r11
+ 	SAVE_REST
+-	movq %r11, %r15
+-	CFI_REGISTER rip, r15
+ 	FIXUP_TOP_OF_STACK %r11
+ 	call sys_execve
+-	GET_THREAD_INFO(%rcx)
+-	bt $TIF_IA32,threadinfo_flags(%rcx)
+-	CFI_REMEMBER_STATE
+-	jc exec_32bit
+ 	RESTORE_TOP_OF_STACK %r11
+-	movq %r15, %r11
+-	CFI_REGISTER rip, r11
+-	RESTORE_REST
+-	pushq %r11
+-	CFI_ADJUST_CFA_OFFSET 8
+-	CFI_REL_OFFSET rip, 0
+-	ret
+-
+-exec_32bit:
+-	CFI_RESTORE_STATE
+ 	movq %rax,RAX(%rsp)
+ 	RESTORE_REST
+ 	jmp int_ret_from_sys_call
diff --git a/debian/patches/powerpc-mkvmlinuz-support-2.patch b/debian/patches/powerpc-mkvmlinuz-support-2.patch
new file mode 100644
index 000000000..5c9cc2a9e
--- /dev/null
+++ b/debian/patches/powerpc-mkvmlinuz-support-2.patch
@@ -0,0 +1,57 @@
+# 
+# Mkvmlinuz support patch, called by debian's kernel-package to generate
+# the files needed by mkvmlinuz to generate the bootable images from vmlinux.
+# Author: Sven Luther <luther@debian.org>
+# Based on work from: Jens Schmalzing <jensen@debian.org>
+# Original comment from Jens :
+#   This shell script is intended to be put into the debian subdirectory
+#   of a Linux kernel tree, where make-kpkg will find and execute it
+#   while building a kernel-image package.  The purpose of this script
+#   is to add glue (object code, libraries, utilities and so on) from
+#   the kernel tree to the kernel-image package.  Later, the mkvmlinuz
+#   utility, which is available as a separate Debian package, can use
+#   this glue to create a bootable compressed kernel from the
+#   uncompressed kernel in the kernel-image package and optionally a
+#   ramdisk.  This is especially important on PowerPC subarchitectures
+#   that don't have a boot loader, but also comes handy for rescue
+#   systems and the like.
+# Upstream status: This patch stays a debian specific patch for now,
+# but it is not in a form where it could go upstream.
+#
+--- linux-2.6.16/arch/powerpc/Makefile.orig	2006-04-12 16:57:16.000000000 +0000
++++ linux-2.6.16/arch/powerpc/Makefile	2006-04-12 16:58:53.000000000 +0000
+@@ -148,7 +148,7 @@
+ 
+ CPPFLAGS_vmlinux.lds	:= -Upowerpc
+ 
+-BOOT_TARGETS = zImage zImage.initrd znetboot znetboot.initrd vmlinux.sm uImage
++BOOT_TARGETS = zImage zImage.initrd znetboot znetboot.initrd vmlinux.sm uImage mkvmlinuz_support_install
+ 
+ .PHONY: $(BOOT_TARGETS)
+ 
+--- linux-2.6.16/arch/powerpc/boot/Makefile.orig	2006-04-12 16:40:11.000000000 +0000
++++ linux-2.6.16/arch/powerpc/boot/Makefile	2006-04-12 19:23:06.000000000 +0000
+@@ -213,3 +213,23 @@
+ 	sh -x $(srctree)/$(src)/install.sh "$(KERNELRELEASE)" vmlinux System.map "$(INSTALL_PATH)" "$(BOOTIMAGE)"
+ 
+ clean-files += $(addprefix $(objtree)/, $(obj-boot) vmlinux.strip)
++
++#-----------------------------------------------------------
++# install mkvmlinuz support files
++#-----------------------------------------------------------
++quiet_cmd_mkvmlinuz = INSTALL mkvmlinuz support files
++      cmd_mkvmlinuz = cp -f $? $(INSTALL_MKVMLINUZ)
++
++mkvmlinuz-obj-sec = $(foreach section, $(1), $(patsubst %,$(obj)/mkvmlinuz-kernel-%.o, $(section)))
++mkvmlinuz-src-sec = $(foreach section, $(1), $(patsubst %,$(obj)/mkvmlinuz-kernel-%.c, $(section)))
++
++$(call mkvmlinuz-src-sec, $(required) $(initrd)): $(obj)/mkvmlinuz-kernel-%.c:
++	@touch $@
++$(call mkvmlinuz-obj-sec, $(required) $(initrd)): $(obj)/mkvmlinuz-kernel-%.o: $(obj)/mkvmlinuz-kernel-%.c
++	$(call if_changed_dep,bootcc)
++
++$(obj)/mkvmlinuz_support_install: $(obj)/addRamDisk $(obj)/addnote $(obj-boot) $(call mkvmlinuz-obj-sec, $(required) $(initrd)) $(srctree)/$(src)/zImage.lds
++	mkdir -p $(INSTALL_MKVMLINUZ)
++	$(call cmd,mkvmlinuz)
++targets		+= mkvmlinuz_support_install
++
diff --git a/debian/patches/series/7 b/debian/patches/series/7
new file mode 100644
index 000000000..ee82a76a5
--- /dev/null
+++ b/debian/patches/series/7
@@ -0,0 +1,4 @@
++ 2.6.16.3
++ 2.6.16.4
++ powerpc-mkvmlinuz-support-2.patch
++ 2.6.16.5
diff --git a/debian/patches/series/7-extra b/debian/patches/series/7-extra
new file mode 100644
index 000000000..9dfd712f5
--- /dev/null
+++ b/debian/patches/series/7-extra
@@ -0,0 +1 @@
++ m68k-2.6.16.patch m68k