File _patchinfo of Package patchinfo.29142

<patchinfo incident="29142">
  <issue tracker="bnc" id="1198038">VUL-1: CVE-2022-0216: kvm,qemu: use-after-free in lsi_do_msgout function in hw/scsi/lsi53c895a.c</issue>
  <issue tracker="bnc" id="1198035">VUL-0: CVE-2021-4206: qemu,kvm: integer overflow in cursor_alloc() can lead to heap buffer overflow</issue>
  <issue tracker="bnc" id="1187529">VUL-0: qemu: integer overflow in object_property_try_add</issue>
  <issue tracker="bnc" id="1192463">binutils update: qemu maint-updates won't build as is in sle-15 and sle-12</issue>
  <issue tracker="bnc" id="1193621">binutils update: qemu (seabios) doesn't build, ld rejects to use executable file to link</issue>
  <issue tracker="bnc" id="1198037">VUL-0: CVE-2021-4207: qemu,kvm: double fetch in qxl_cursor() can lead to heap buffer overflow</issue>
  <issue tracker="bnc" id="1193880">VUL-0: CVE-2021-3929: kvm, qemu: DMA reentrancy issue leads to use-after-free in nvme</issue>
  <issue tracker="cve" id="2022-0216"/>
  <issue tracker="cve" id="2021-3929"/>
  <issue tracker="cve" id="2021-4206"/>
  <issue tracker="cve" id="2021-4207"/>
  <packager>dfaggioli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- CVE-2022-0216: Fixed a use-after-free in lsi_do_msgout() in hw/scsi/lsi53c895a.c (bsc#1198038).
- CVE-2021-3929: Fixed use-after-free in nvme, caused by DMA reentrancy issue (bsc#1193880).
- CVE-2021-4207: Fixed heap buffer overflow caused by double fetch in qxl_cursor() (bsc#1198037).
- CVE-2021-4206: Fixed integer overflow in cursor_alloc() (bsc#1198035).
- Amend .changes file: avoid declaring a still unfixed CVE, as fixed (bsc#1187529) 
- Fix the build breaks caused by binutils update (bsc#1192463, bsc#1193621)
</description>
</patchinfo>