From 45cf3ca1150c4063420e267efa3c5cc6b430658e Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 5 Aug 2022 09:36:44 +0200
Subject: Add note for CVE-2022-21505

---
 active/CVE-2022-21505 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/active/CVE-2022-21505 b/active/CVE-2022-21505
index f4df3d8d..7da41eb1 100644
--- a/active/CVE-2022-21505
+++ b/active/CVE-2022-21505
@@ -5,6 +5,8 @@ Notes:
  carnil> Released as well in 5.18.15 for 5.18.y.
  carnil> Commit fixes 29d3c1c8dfe7 ("kexec: Allow kexec_file() with
  carnil> appropriate IMA policy when locked down") in 5.4-rc1.
+ carnil> CONFIG_IMA was only re-enabled in Debian in 5.13.9-1~exp1
+ carnil> and the issue does not affect bullseye's built binary packages.
 Bugs:
 upstream: released (5.19-rc8) [543ce63b664e2c2f9533d089a4664b559c3e6b5b]
 5.10-upstream-stable: released (5.10.134) [ab5050fd7430dde3a9f073129036d3da3facc8ec]
-- 
cgit v1.2.3