author: Ben Hutchings <ben@decadent.org.uk> 2022-07-01 00:41:43 +0200
committer: Ben Hutchings <ben@decadent.org.uk> 2022-07-01 00:45:47 +0200
commit: a3bb9f20a8b21e3f0293fa25132aedf0f0430252 (patch)
tree: 6a4a7dd74ae96d8d2d8bc7e52ff59091349b2a6b
parent: 5d446a83da990e8d8910fca9a1551f1225682acc (diff)
Update advisories to note additional important changes
At the end of each advisory, note:
- The stable updates included.
- The random driver changes and their visible effects. These are slightly different for buster as systemd moved away from using /dev/urandom.
- Enabling of crypto implementations for 32-bit Arm, which has some security impact.
- Other fixes for Debian bugs.

-rw-r--r--  dsa-texts/4.19.249-2  25
-rw-r--r--  dsa-texts/4.9.320-2   32
2 files changed, 43 insertions, 14 deletions
diff --git a/dsa-texts/4.19.249-2 b/dsa-texts/4.19.249-2
index 34f77df7..75f6a590 100644
--- a/dsa-texts/4.19.249-2
+++ b/dsa-texts/4.19.249-2
@@ -259,8 +259,29 @@ CVE-2022-33981
(crash or memory corruption) or possibly for privilege escalation.
This ioctl is now disabled by default.
-For the oldstable distribution (buster), these problems have been fixed
-in version 4.19.249-2.
+For the oldstable distribution (buster), these problems have been
+fixed in version 4.19.249-2.
+
+This update also corrects a regression in the network scheduler
+subsystem (bug #1013299).
+
+For the 32-bit Arm (armel and armhf) architectures, this update
+enables optimised implementations of several cryptographic and CRC
+algorithms. For at least AES, this should remove a timing side-
+channel that could lead to a leak of sensitive information.
+
+This update includes many more bug fixes from stable updates
+4.19.236-4.19.249 inclusive, including for bug #1006346. The random
+driver has been backported from Linux 5.19, fixing numerous
+performance and correctness issues. Some changes will be visible:
+
+- The entropy pool size is now 256 bits instead of 4096. You may need
+ to adjust the configuration of system monitoring or user-space
+ entropy gathering services to allow for this.
+
+- On systems without a hardware RNG, the kernel may log more uses of
+ /dev/urandom before it is fully initialised. These uses were
+ previously under-counted and this is not a regression.
We recommend that you upgrade your linux packages.
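Review bot: In the added 32-bit Arm paragraph, "side-channel" is split across the line break as "timing side-" / "channel", so any reflow of the advisory text will render it as "side- channel"; move the whole word onto the next line. In the paragraph after it, "4.19.236-4.19.249 inclusive, including for bug #1006346" reads awkwardly and would be clearer with the bug fix named in its own sentence.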
diff --git a/dsa-texts/4.9.320-2 b/dsa-texts/4.9.320-2
index 7169fec7..b8bfdc34 100644
--- a/dsa-texts/4.9.320-2
+++ b/dsa-texts/4.9.320-2
@@ -36,18 +36,8 @@ CVE-2018-1108
The original fix for this issue had to be reverted because it
caused the boot process to hang on many systems. In this version,
- the random driver has been backported from Linux 5.19 and is more
- effective in gathering entropy without needing a hardware RNG.
-
- Some changes will be visible:
-
- - The entropy pool size is now 256 bits instead of 4096. You may
- need to adjust the configuration of system monitoring or
- user-space entropy gathering services to allow for this.
-
- - On systems without a hardware RNG, the kernel will log many uses
- of /dev/urandom before it is fully initialised. These uses were
- previously under-counted and this is not a regression.
+ the random driver has been updated, making it more effective in
+ gathering entropy without needing a hardware RNG.
CVE-2021-4149
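Review bot: The replacement text under CVE-2018-1108 ("the random driver has been updated, making it more effective in gathering entropy") no longer tells the reader that there are user-visible changes, which this commit moves to the end of the advisory. A short pointer such as "see the notes at the end of this advisory" would keep someone who reads only this CVE entry from missing the entropy pool size and /dev/urandom logging changes.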
@@ -266,6 +256,24 @@ CVE-2022-33981
For Debian 9 stretch, these problems have been fixed in version
4.9.320-2.
+For the 32-bit Arm (armel and armhf) architectures, this update
+enables optimised implementations of several cryptographic and CRC
+algorithms. For at least AES, this should remove a timing side-
+channel that could lead to a leak of sensitive information.
+
+This update includes many more bug fixes from stable updates
+4.9.304-4.9.320 inclusive. The random driver has been backported from
+Linux 5.19, fixing numerous performance and correctness issues. Some
+changes will be visible:
+
+- The entropy pool size is now 256 bits instead of 4096. You may need
+ to adjust the configuration of system monitoring or user-space
+ entropy gathering services to allow for this.
+
+- On systems without a hardware RNG, the kernel will log many more
+ uses of /dev/urandom before it is fully initialised. These uses
+ were previously under-counted and this is not a regression.
+
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to
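Review bot: The entropy pool bullet in the added closing section says administrators "may need to adjust the configuration" but does not say what to look for. Since the pool is now 256 bits instead of 4096, it would help to state that a monitoring threshold or entropy-gathering target set above 256 bits can no longer be met. The 32-bit Arm paragraph also breaks "side-channel" across two lines ("timing side-" / "channel"), which will read as "side- channel" if the text is reflowed.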
