Re: New CVE entries this week
** Traking CVEsThis is basically missing memset. Does not look evil to backport.
CVE-2021-3655: v4.4 is not fixed as of 2021/07/29This may need more careful look. There are 4 patches fixing this in
mainline, but only two in
5.10. c7da1d1ed43a6c2bece0d287e2415adf2868697e should be easy to
backport to 4.4.
CVE-2021-31829: Linux kernel protection of stack pointer againstStrange, this talks about CVE-2021-22543 in the changelog.
CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
CVE-2021-3655: missing size validations on inbound SCTP packetsI guess this should be listed in stable/4.4: ... then?
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany