CVE-2013-4312: bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch
CVE-2013-7446: bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch
CVE-2015-1333: bugfix/all/keys-ensure-we-free-the-assoc-array-edit-if-edit-is-valid.patch
CVE-2015-4692: bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch
CVE-2015-5156: bugfix/all/virtio-net-drop-netif_f_fraglist.patch
CVE-2015-5257: bugfix/all/usb-whiteheat-fix-potential-null-deref-at-probe.patch
CVE-2015-5283: bugfix/all/sctp-fix-race-on-protocol-netns-initialization.patch
CVE-2015-5307: bugfix/x86/kvm-x86-vmx-avoid-guest-host-dos-by-intercepting-ac.patch, bugfix/x86/kvm-x86-svm-intercept-ac-to-avoid-guest-host-exploit.patch
CVE-2015-5364: bugfix/all/udp-fix-behavior-of-wrong-checksums.patch
CVE-2015-5366: bugfix/all/udp-fix-behavior-of-wrong-checksums.patch
CVE-2015-5697: bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch
CVE-2015-5706: bugfix/all/path_openat-fix-double-fput.patch
CVE-2015-5707: bugfix/all/sg_start_req-make-sure-that-there-s-not-too-many-ele.patch
CVE-2015-6252: bugfix/all/vhost-actually-track-log-eventfd-file.patch
CVE-2015-6937: bugfix/all/rds-verify-the-underlying-transport-exists-before-cr.patch
CVE-2015-7513: bugfix/x86/KVM-x86-Reload-pit-counters-for-all-channels-when-re.patch
CVE-2015-7550: bugfix/all/keys-fix-race-between-read-and-revoke.patch
CVE-2015-7566: bugfix/all/usb-serial-visor-fix-crash-on-detecting-device-without-write_urbs.patch
CVE-2015-7613: bugfix/all/Initialize-msg-shm-IPC-objects-before-doing-ipc_addid.patch
CVE-2015-7833: bugfix/all/usbvision-fix-overflow-of-interfaces-array.patch, media-usbvision-fix-crash-on-detecting-device-with-i.patch
CVE-2015-7872: bugfix/all/KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch
CVE-2015-7990: bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch
CVE-2015-8104: bugfix/x86/kvm-svm-unconditionally-intercept-DB.patch
CVE-2015-8374: bugfix/all/btrfs-fix-truncation-of-compressed-and-inlined-exten.patch
CVE-2015-8543: bugfix/all/net-add-validation-for-the-socket-syscall-protocol.patch
CVE-2015-8550: bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-blkback-read-from-indirect-descriptors-only-once.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch
CVE-2015-8551: bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch
CVE-2015-8552: bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch
CVE-2015-8569: bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
CVE-2015-8575: bugfix/all/bluetooth-validate-socket-address-length-in-sco_sock.patch
CVE-2015-8709: bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch
CVE-2015-8767: bugfix/all/sctp-prevent-soft-lockup-when-sctp_accept-is-called-.patch
CVE-2016-0723: bugfix/all/tty-fix-unsafe-ldisc-reference-via-ioctl-tiocgetd.patch
CVE-2016-0728: bugfix/all/KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch

CVE-2015-3290: apparently fixed in 3.16.7-ckt11-1+deb8u2
CVE-2015-7799: apparently fixed in 3.16.7-ckt20-1+deb8u1