File _patchinfo of Package patchinfo.40366

<patchinfo incident="40366">
  <issue tracker="bnc" id="1241772">VUL-0: CVE-2025-22872: kubevirt: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction</issue>
  <issue tracker="bnc" id="1234537">VUL-0: CVE-2024-45337: kubevirt: golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto</issue>
  <issue tracker="bnc" id="1235303">VUL-0: CVE-2024-45338: kubevirt: golang.org/x/net/html: denial of service due to non-linear parsing of case-insensitive content</issue>
  <issue tracker="cve" id="2025-22872"></issue>
  <issue tracker="cve" id="2024-45337"></issue>
  <issue tracker="cve" id="2024-45338"></issue>
  <packager>ccrane</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container</summary>
  <description>This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:

This update for kubevirt updates golang.org/x/net to 0.38.0, fixing security issues (CVE-2025-22872, CVE-2024-45337, CVE-2024-45338, bsc#1234537, bsc#1235303, bsc#1241772)
and also rebuilds it against current GO.
</description>
</patchinfo>