Hi!

> CVE-2021-45469: f2fs: fix to do sanity check on last xattr entry in
> __f2fs_setxattr()
>
> CVSS v3 score is not provided
>
> OOB access bug in __f2fs_setxattr().
>
> Although it is fixed in stable trees, the patch isn't merged in the
> mainline yet at 2021/12/30. The commit 5598b24 ("f2fs: fix to do
> sanity check on last xattr entry in __f2fs_setxattr()") is in
> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1
> but not in the mainline.
>

Interesting. That's wrong and unusual for stable tree.

> CVE-2021-45480: rds: memory leak in __rds_conn_create()
>
> CVSS v3 score is not provided
>
> This bug was introduced by commit aced3ce57cd3 ("RDS tcp loopback
> connection can hang") which was merged at 5.13-rc4.

It was also merged in 4.19-stable as 0a3158ac5999fe. That's why we see
4.19 tree needing the fix. 4.4 is not affected. Good.

> mainline: [5f9562ebe710c307adc5f666bf1a2162ee7977c0]
> stable/4.19: [1ed173726c1a0082e9d77c7d5a85411e85bdd983]

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany