Well, there's 91b80969ba466ba4b915a4a1d03add8c297add3f and
27df6f25ff218072e0e879a96beeb398a79cdbc8 from the current stable tree. Now
neither actually says the Magic Word 'security', but anyone who's using an
upstream kernel who doesn't recognise that a buffer overrun is a security
concern *deserves* to be broken into for utter stupidity, IMNSHO.
They don't have CVE numbers and perhaps the authors didn't even bother to
isolate the commit that introduced the problem. How terrifying, I'm sure
the fix is much worse as a consequence.
Naturally some bugs have nothing mentioned in the changelogs: not everyone
cares to mention them, not everyone who fixes such a bug knows it is a
security fix at the time it's fixed, and so on.
Haven't we done this whole tiresome argument before? :/