File _patchinfo of Package patchinfo.23695
<patchinfo incident="23695">
<issue tracker="bnc" id="1193672">VUL-0: CVE-2021-43797: netty3, netty: possible HTTP request smuggling due to insufficient validation against control characters</issue>
<issue tracker="bnc" id="1190613">VUL-0: CVE-2021-37137: netty: netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way</issue>
<issue tracker="bnc" id="1182103">VUL-1: CVE-2021-21290: netty: Information disclosure via the local system temporary directory</issue>
<issue tracker="bnc" id="1190610">VUL-0: CVE-2021-37136: netty: netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data</issue>
<issue tracker="cve" id="2021-43797"/>
<issue tracker="cve" id="2021-37137"/>
<issue tracker="cve" id="2021-37136"/>
<issue tracker="cve" id="2021-21290"/>
<issue tracker="bnc" id="1183262"/>
<issue tracker="cve" id="2021-21295"/>
<packager>fstrba</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for netty</summary>
<description>This update for netty fixes the following issues:
- Updated to version 4.1.75:
  - CVE-2021-37136: Fixed an unrestricted decompressed data size in Bzip2Decoder
    (bsc#1190610).
  - CVE-2021-37137: Fixed an unrestricted chunk length in SnappyFrameDecoder,
    which might lead to excessive memory usage (bsc#1190613).
  - CVE-2021-43797: Fixed a potential HTTP request smuggling issue due to
    insufficient validation against control characters (bsc#1193672).
  - CVE-2021-21290: Fixed an information disclosure via the local system
    temporary directory (bsc#1182103).
</description>
</patchinfo>