Description: netfilter: nf_queue: do not allow packet truncation below transport header offset
References:
 https://marc.info/?l=netfilter-devel&m=165883202007292&w=2
Notes:
 carnil> Introduced by 7af4cc3fa158 ("[NETFILTER]: Add "nfnetlink_queue"
 carnil> netfilter queue handler over nfnetlink")
 carnil> For 5.18.y fixed as well in 5.18.16.
Bugs:
upstream: released (5.19) [99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164]
5.10-upstream-stable: released (5.10.135) [440dccd80f627e0e11ceb0429e4cdab61857d17e]
4.19-upstream-stable: released (4.19.255) [f295d365b30626f82423a923695274024016380e]
sid: released (5.18.16-1)
5.10-bullseye-security: released (5.10.136-1)
4.19-buster-security: released (4.19.260-1)