Accepted linux-signed-arm64 5.10.46+5 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 23 Sep 2021 22:35:21 +0200
Source: linux-signed-arm64
Architecture: source
Version: 5.10.46+5
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
linux-signed-arm64 (5.10.46+5) bullseye-security; urgency=high
.
* Sign kernel from linux 5.10.46-5
.
* virtio_console: Assure used length from device is limited (CVE-2021-38160)
* NFSv4: Initialise connection to the server in nfs4_alloc_client()
(CVE-2021-38199)
* tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
(CVE-2021-3679)
* [poewrpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
(CVE-2021-37576)
* ovl: prevent private clone if bind mount is not allowed (CVE-2021-3732)
* [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
(CVE-2021-3653)
* [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
* bpf: Fix integer overflow involving bucket_size (CVE-2021-38166)
* ath: Use safer key clearing with key cache entries (CVE-2020-3702)
* ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702)
* ath: Export ath_hw_keysetmac() (CVE-2020-3702)
* ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702)
* ath9k: Postpone key cache entry deletion for TXQ frames reference it
(CVE-2020-3702)
* btrfs: fix NULL pointer dereference when deleting device by invalid id
(CVE-2021-3739)
* net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743)
* vt_kdsetmode: extend console locking (CVE-2021-3753)
* ext4: fix race writing to an inline_data file while its xattrs are changing
(CVE-2021-40490)
* dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119)
* io_uring: ensure symmetry in handling iter types in loop_rw_iter()
(CVE-2021-41073)
* netfilter: nftables: avoid potential overflows on 32bit arches
* netfilter: nf_tables: initialize set before expression setup
(Closes: #993978)
* netfilter: nftables: clone set element expression template
* bnx2x: Fix enabling network interfaces without VFs (Closes: #993948)
Checksums-Sha1:
536f1c270de64fee58359724fa35395a965f61ea 7240 linux-signed-arm64_5.10.46+5.dsc
486eb9e7cd32b94260b389c699a90b7e50839553 2412472 linux-signed-arm64_5.10.46+5.tar.xz
Checksums-Sha256:
47800c6a704e1ca1b3ef216ed3f472ba4e01779288ea39b562412367e63c4474 7240 linux-signed-arm64_5.10.46+5.dsc
c8100e8a68ff995faa2a9d47a006d88b8f14d908063f7426afce69225c2d3149 2412472 linux-signed-arm64_5.10.46+5.tar.xz
Files:
6844fd033c105d91cd0fcd8ac823c1c1 7240 kernel optional linux-signed-arm64_5.10.46+5.dsc
e7bc45ce6cbb2143cf375b7d9506ae26 2412472 kernel optional linux-signed-arm64_5.10.46+5.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmFNsa4ACgkQi0FRiLdO
NzbdTxAAqncCz98WijcEVj7C2QR8e0Lyaa/BfD0jyPORzVflNEhFxP0NUsctqtvb
Y7amGxRybGdaz9VhuNLgRZDrJEp45XvonEj12PTuO82Pcx2bb5SnG5/Vf99+InHz
HcrENGIlfkzUpKegJiQIRYdzf8dnhQ4LIy784d9lOyAYu+BkGRLrjvkjDOq7c9N2
989lQeJAZayvSdLXVbKLi9eB3AsvgwPcg/qa0oVoGWDf4TXQOAByIbD2p5pp7GQz
wXBj4ZSa8Jsyv/tWF1rVORfifygqmLTt09/fjIjV3vl9oq2Ssn9z4AyLpU53pe0W
ijqCyV9ryEwG1n7DhNRfg/poJMuhyaG76Hoq6wwphG6Ci8t2WJtzNQlPtepqvdT3
/q1F4S0Cl5WCiTh6mXchlUUT3LB+LGaQM/pvy9Ak+k2ulkH80Df58PJaJCCLlNdn
MU92wAo2XWogvtJDz//bUgwtkg8fZyw2crue9PLBT/v/kDh9lmLritGe2hVXH+qb
3PNVzX0qAVD0B/T4T9oimyDOCe0BMLbBDe6IYpJrwbnmdqUt08CpY3VjNz3WnF/2
ukvI2cy85VR338p7IqU0omJyxZkmXO04aScKIP30MFwvxDap0LItb+gPjPP6sj1Q
Zw1ygqzbhbdm1KrvXZmlSP7VSSc0gcTyAAhd16Sbil5VfIIX4j4=
=jOp4
-----END PGP SIGNATURE-----
Reply to: