docs/news.md: Updates for 9.4

docs/issues/CVE-2024-1086.md

@@ -16,7 +16,7 @@ Public disclosure date: March 26, 2024 for the above blog post, which made the i
 
 ## EL9
 
-Affected. We will of course rebuild upstream's fix as soon as it arrives. Meanwhile, please refer to the mitigations below.
+- Fixed in version: `kernel-5.14.0-427.16.1.el9_4` available May 8, 2024
 
 ## EL8
 
@@ -25,7 +25,7 @@ Affected. We will of course rebuild upstream's fix as soon as it arrives. Meanwh
 
 ## Mitigation
 
-Meanwhile, we recommend two mitigations:
+We also recommend two mitigations:
 
 - If you don't use containers, we recommend that you disable user namespaces e.g. by running the below commands as root:
 

docs/news.md

@@ -2,9 +2,20 @@
 
 These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits.
 
+## May 20, 2024
+
+[glibc](packages/glibc.md) `2.34-100.el9_4.security.0.8` contains all of our changes so far rebased on top of 9.4's `2.34-100`,
+which was still missing the iconv and nscd security fixes, so our addition of those is still relevant.
+
+[openssh](packages/openssh.md) rebased on 9.4's `8.7p1-38`.
+
+The status page on [CVE-2024-1086](issues/CVE-2024-1086.md) has been updated to refer to EL9 fix.
+
 ## April 30, 2024
 
-[glibc](packages/glibc.md) `2.34-83.12.el9_3.security.0.6` includes nscd CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 fixes from upstream glibc 2.34 branch.
+Unreleased [glibc](packages/glibc.md) `2.34-83.12.el9_3.security.0.6` includes nscd CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 fixes from upstream glibc 2.34 branch.
+
+This update ended up unreleased because we refocused on 9.4.
 
 ## April 18-23, 2024
 

docs/packages/glibc.md

@@ -2,8 +2,8 @@
 
 ## EL9
 
-- Version `2.34-83.12.el9_3.security.0.6`
-- Based on `2.34-83.el9.12`
+- Version `2.34-100.el9_4.security.0.8`
+- Based on `2.34-100.el9`
 
 ### Changes summary
 
@@ -28,6 +28,12 @@ In general, inclusion of additional security fixes will be "reverted" if and whe
 ### Change log
 
 ```
+* Mon May 20 2024 Solar Designer <solar@openwall.com> - 2.34-100.el9.security.0.8
+- Rebase on 2.34-100
+
+* Tue May 07 2024 Solar Designer <solar@openwall.com> - 2.34-83.12.el9.security.0.7
+- Upstream glibc 2.34 fix "nscd: Use time_t for return type of addgetnetgrentX"
+
 * Tue Apr 30 2024 Solar Designer <solar@openwall.com> - 2.34-83.12.el9.security.0.6
 - Add nscd CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 fixes
   from upstream glibc 2.34 branch
@@ -52,11 +58,6 @@ In general, inclusion of additional security fixes will be "reverted" if and whe
 
 [... upstream changes ...]
 
-* Fri Oct  6 2023 Solar Designer <solar@openwall.com> - 2.34-60.7.el9.security.0.3
-- Rebase on 2.34-60.7, drop "our" CVE-2023-4527 patch in favor of RH's
-
-[... upstream changes ...]
-
 * Mon Oct  2 2023 Solar Designer <solar@openwall.com> - 2.34-60.el9.security.0.2
 - Add glibc-owl-alt-sanitize-env.patch stitched from several ALT Linux commits
   as none of their revisions matched this package's set of backports as-is

docs/packages/openssh.md

@@ -2,8 +2,8 @@
 
 ## EL9
 
-- Version `8.7p1-34.3.el9_3.security.0.3`
-- Based on `8.7p1-34.el9_3.3`
+- Version `8.7p1-38.el9_4.security.0.4`
+- Based on `8.7p1-38.el9`
 
 ### Changes summary
 
@@ -13,6 +13,9 @@
 ### Change log
 
 ```
+* Mon May 20 2024 Solar Designer <solar@openwall.com> 8.7p1-38.el9_4.security.0.4
+- Rebase on 8.7p1-38
+
 * Sat Mar 16 2024 Solar Designer <solar@openwall.com> 8.7p1-34.3.el9_3.security.0.3
 - Comment out GSSAPI* lines in /etc/ssh/ssh*_config.d/50-redhat.conf and patch
   the code to silently ignore GSSAPIKexAlgorithms when unsupported (like it is