--- zzzz-none-000/linux-2.6.28.10/net/ipv4/tcp_output.c	2009-05-02 18:54:43.000000000 +0000
+++ fusiv-7390-686/linux-2.6.28.10/net/ipv4/tcp_output.c	2019-07-09 13:48:20.000000000 +0000
@@ -944,6 +944,9 @@
 	/* Now subtract TCP options size, not including SACKs */
 	mss_now -= tp->tcp_header_len - sizeof(struct tcphdr);
 
+	/* CVE-2019-11479: set mss to 536 minimum */
+	mss_now = max(mss_now, 536);
+
 	return mss_now;
 }