Update advisories to note additional important changes

At the end of each advisory, note:

- The stable updates included.
- The random driver changes and their visible effects.  These are
  slightly different for buster as systemd moved away from using
  /dev/urandom.
- Enabling of crypto implementations for 32-bit Arm, which has
  some security impact.
- Other fixes for Debian bugs.

1 files changed, 23 insertions, 2 deletions

diff --git a/dsa-texts/4.19.249-2 b/dsa-texts/4.19.249-2
index 34f77df7..75f6a590 100644
--- a/dsa-texts/4.19.249-2
+++ b/dsa-texts/4.19.249-2
@@ -259,8 +259,29 @@ CVE-2022-33981
     (crash or memory corruption) or possibly for privilege escalation.
     This ioctl is now disabled by default.
 
-For the oldstable distribution (buster), these problems have been fixed
-in version 4.19.249-2.
+For the oldstable distribution (buster), these problems have been
+fixed in version 4.19.249-2.
+
+This update also corrects a regression in the network scheduler
+subsystem (bug #1013299).
+
+For the 32-bit Arm (armel and armhf) architectures, this update
+enables optimised implementations of several cryptographic and CRC
+algorithms.  For at least AES, this should remove a timing side-
+channel that could lead to a leak of sensitive information.
+
+This update includes many more bug fixes from stable updates
+4.19.236-4.19.249 inclusive, including for bug #1006346.  The random
+driver has been backported from Linux 5.19, fixing numerous
+performance and correctness issues.  Some changes will be visible:
+
+- The entropy pool size is now 256 bits instead of 4096.  You may need
+  to adjust the configuration of system monitoring or user-space
+  entropy gathering services to allow for this.
+
+- On systems without a hardware RNG, the kernel may log more uses of
+  /dev/urandom before it is fully initialised.  These uses were
+  previously under-counted and this is not a regression.
 
 We recommend that you upgrade your linux packages.