From 961332f27b8eb7b7a685d640c7e1a41166c1e6c2 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Mon, 29 Nov 2021 12:13:57 +0100
Subject: Mark issues pending for stretch

---
 active/CVE-2021-3600 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'active/CVE-2021-3600')

diff --git a/active/CVE-2021-3600 b/active/CVE-2021-3600
index 0fd38bbe..96a22802 100644
--- a/active/CVE-2021-3600
+++ b/active/CVE-2021-3600
@@ -6,6 +6,9 @@ Notes:
  carnil> in 4.15-rc9 (and was backported to 4.9.79). Though the specifc
  carnil> attach will not work on v4.9.y as pointer arithmetic is
  carnil> prohibited on those kernels.
+ bwh> For 4.9, commits f6b1b3bf0d5f "bpf: fix subprog verifier bypass by
+ bwh> div/mod by 0 exception" and d405c7407a54 "bpf: allocate 0x06 to new
+ bwh> eBPF instruction class JMP32" etc. need to be applied first.
 Bugs:
 upstream: released (5.11) [e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90]
 5.10-upstream-stable: released (5.10.16) [1d16cc210fabd0a7ebf52d3025f81c2bde054a90]
@@ -14,4 +17,4 @@ upstream: released (5.11) [e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90]
 sid: released (5.10.19-1)
 5.10-bullseye-security: N/A "Fixed before branching point"
 4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: needed
+4.9-stretch-security: pending (4.9.290-1) [bugfix/all/bpf-fix-32-bit-src-register-truncation-on-div-mod.patch]
-- 
cgit v1.2.3