File _patchinfo of Package patchinfo.26278

<patchinfo incident="26278">
  <issue tracker="bnc" id="1198037">VUL-0: CVE-2021-4207: qemu,kvm: double fetch in qxl_cursor() can lead to heap buffer overflow</issue>
  <issue tracker="bnc" id="1182282">VUL-0: CVE-2021-3409: qemu: incomplete fix for CVE-2020-17380 and CVE-2020-25085 in sdhi controller</issue>
  <issue tracker="bnc" id="1192115">qemu-seabios 1.14 breaks booting from usb storage</issue>
  <issue tracker="bnc" id="1198035">VUL-0: CVE-2021-4206: qemu,kvm: integer overflow in cursor_alloc() can lead to heap buffer overflow</issue>
  <issue tracker="bnc" id="1175144">VUL-0: CVE-2020-17380: kvm,qemu: heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in hw/sd/sdhci.c</issue>
  <issue tracker="bnc" id="1198038">VUL-1: CVE-2022-0216: kvm,qemu: use-after-free in lsi_do_msgout function in hw/scsi/lsi53c895a.c</issue>
  <issue tracker="cve" id="2021-4206"/>
  <issue tracker="cve" id="2022-35414"/>
  <issue tracker="cve" id="2021-3409"/>
  <issue tracker="cve" id="2022-0216"/>
  <issue tracker="cve" id="2021-4207"/>
  <packager>dfaggioli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for qemu</summary>
  <description>This update for qemu fixes the following issues:

- CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and CVE-2020-25085 in sdhi controller. (bsc#1182282)
- CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead to heap buffer overflow. (bsc#1198035)
- CVE-2021-4207: Fixed a double fetch in qxl_cursor ehich can lead to heap buffer overflow. (bsc#1198037)
- CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367)
</description>
</patchinfo>