From 97db91052b394c5a69910974e0cc3c94cebc1a34 Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 14 Dec 2022 14:02:17 +0100
Subject: retire some issues

---
 active/CVE-2021-33624 | 20 --------------------
 1 file changed, 20 deletions(-)
 delete mode 100644 active/CVE-2021-33624

(limited to 'active/CVE-2021-33624')

diff --git a/active/CVE-2021-33624 b/active/CVE-2021-33624
deleted file mode 100644
index 3da976cd..00000000
--- a/active/CVE-2021-33624
+++ /dev/null
@@ -1,20 +0,0 @@
-Description: Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel memory
-References:
- https://www.openwall.com/lists/oss-security/2021/06/21/1
-Notes:
- carnil> 9183671af6db ("bpf: Fix leakage under speculation on
- carnil> mispredicted branches") is the main part of the fixes.
- carnil> The selftest fixes commit was included in later release as well
- carnil> in 5.10.57 but the CVE fixes covered already in 5.10.46.
- bwh> I think this can be ignored. Privileged users can generally read
- bwh> kernel memory through kprobes/tracepoints. Unprivileged use of
- bwh> eBPF is now disabled by default in all Debian suites.
-Bugs:
-upstream: released (5.13-rc7) [d203b0fd863a2261e5d00b97f3d060c4c2a6db71, fe9a5ca7e370e613a9a75a13008a3845ea759d6e, 9183671af6dbf60a1219371d4ed73e23f43b49db, 973377ffe8148180b2651825b92ae91988141b05]
-5.10-upstream-stable: released (5.10.46) [e9d271731d21647f8f9e9a261582cf47b868589a, 8c82c52d1de931532200b447df8b4fc92129cfd9, 5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b], released (5.10.57) [30ea1c535291e88e41413464277fcf98a95cf8c6]
-4.19-upstream-stable: released (4.19.204) [0abc8c9754c953f5cd0ac7488c668ca8d53ffc90, c510c1845f7b54214b4117272e0d87dff8732af6, 5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b, c15b387769446c37a892f958b169744dabf7ff23]
-4.9-upstream-stable: needed
-sid: released (5.10.46-1)
-5.10-bullseye-security: N/A "Fixed before branching point"
-4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: ignored "Too risky to backport, and mitigated by default"
-- 
cgit v1.2.3