Overview

File _patchinfo of Package patchinfo.36728

<patchinfo incident="36728">
  <issue tracker="bnc" id="1233297">VUL-0: CVE-2024-47535: netty,netty3: unsafe reading of large environment files when Netty is loaded by a java application can lead to a crash due to the JVM memory limit being exceeded</issue>
  <issue tracker="bnc" id="1047218">trackerbug: packages do not build reproducibly from including build time</issue>
  <issue tracker="cve" id="2024-47535"/>
  <packager>fstrba</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative</summary>
  <description>This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues:

- CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java application can 
lead to a crash due to the JVM memory limit being exceeded in netty (bsc#1233297)

Other fixes:
- Upgraded netty to upstream version 4.1.115
- Upgraded netty-tcnative to version 2.0.69 Final
- Updated jctools to version 4.0.5
- Updated aalto-xml to version 1.3.3
- Updated moditect to version 1.2.2
- Updated flatten-maven-plugin to version 1.6.0</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places