Update status for CVE-2021-35477 and CVE-2021-34556

author: Salvatore Bonaccorso <carnil@debian.org> 2021-09-19 09:36:38 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-09-19 09:36:38 +0200
commit: f240f8b2c90c6118579f792d18a19851a98b0d88 (patch)
tree: cc0630f4ee70fca75e9a0fa989f82cb5d853b0a4 /active/CVE-2021-34556
parent: 77afa069f1a14bb6a03b0cc679a474a3bfb7c3c0 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/active/CVE-2021-34556 b/active/CVE-2021-34556
index 67518656..9acf9755 100644
--- a/active/CVE-2021-34556
+++ b/active/CVE-2021-34556
@@ -1,13 +1,14 @@
 Description: BPF protection against Speculative Store Bypass can be bypassed to disclose arbitrary kernel memory
 References:
  https://www.openwall.com/lists/oss-security/2021/08/01/3
+ https://lore.kernel.org/stable/20210913153537.2162465-1-ovidiu.panait@windriver.com/
 Notes:
 Bugs:
 upstream: released (5.14-rc4) [f5e81d1117501546b7be050c5fbafa6efd2c722c, 2039f26f3aca5b0e419b98f65dd36481337b86ee]
 5.10-upstream-stable: released (5.10.56) [bea9e2fd180892eba2574711b05b794f1d0e7b73, 0e9280654aa482088ee6ef3deadef331f5ac5fb0]
-4.19-upstream-stable:
+4.19-upstream-stable: needed
 4.9-upstream-stable:
 sid: released (5.10.46-4) [bugfix/all/bpf-introduce-bpf-nospec-instruction-for-mitigating-.patch, bugfix/all/bpf-fix-leakage-due-to-insufficient-speculative-stor.patch]
 5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security:
+4.19-buster-security: needed
 4.9-stretch-security:
author	Salvatore Bonaccorso <carnil@debian.org>	2021-09-19 09:36:38 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-09-19 09:36:38 +0200
commit	f240f8b2c90c6118579f792d18a19851a98b0d88 (patch)
tree	cc0630f4ee70fca75e9a0fa989f82cb5d853b0a4 /active/CVE-2021-34556
parent	77afa069f1a14bb6a03b0cc679a474a3bfb7c3c0 (diff)