Adding patchinfo patchinfo.20240830091202805976.269002615871826

patchinfo.20240830091202805976.269002615871826/_patchinfo

@@ -0,0 +1,58 @@
+<patchinfo>
+  <!-- generated from request(s) 343333 -->
+  <issue tracker="bnc" id="1221812">qemu coredump when virsh migrate postcopy + virsh migrate-postcopy on sle15sp6 kvm host</issue>
+  <issue tracker="bnc" id="1227322">VUL-0: CVE-2024-4467: qemu: 'qemu-img info' leads to host file read/write</issue>
+  <issue tracker="bnc" id="1229007">VUL-0: CVE-2024-7409: qemu: denial of service via improper synchronization in QEMU NBD Server during socket closure</issue>
+  <issue tracker="cve" id="2024-4467"/>
+  <issue tracker="cve" id="2024-7409"/>
+  <packager>dfaggioli</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for qemu</summary>
+  <description>This update for qemu fixes the following issues:
+
+- Fix bsc#1221812:
+  * block: Reschedule query-block during qcow2 invalidation (bsc#1221812)
+
+- Fix bsc#1229007, CVE-2024-7409:
+  * nbd/server: CVE-2024-7409: Close stray clients at server-stop (bsc#1229007)
+  * nbd/server: CVE-2024-7409: Drop non-negotiating clients (bsc#1229007)
+  * nbd/server: CVE-2024-7409: Cap default max-connections to 100 (bsc#1229007)
+  * nbd/server: Plumb in new args to nbd_client_add() (bsc#1229007, CVE-2024-7409)
+  * nbd: Minor style and typo fixes (bsc#1229007, CVE-2024-7409)
+
+- Update to version 8.2.6:
+
+  Full backport lists (from the various releases) here:
+   https://lore.kernel.org/qemu-devel/1721203806.547734.831464.nullmailer@tls.msk.ru/
+
+  Some of the upstream backports are:
+   hw/nvme: fix number of PIDs for FDP RUH update
+   sphinx/qapidoc: Fix to generate doc for explicit, unboxed arguments
+   char-stdio: Restore blocking mode of stdout on exit
+   virtio: remove virtio_tswap16s() call in vring_packed_event_read()
+   virtio-pci: Fix the failure process in kvm_virtio_pci_vector_use_one()
+   block: Parse filenames only when explicitly requested
+   iotests/270: Don't store data-file with json: prefix in image
+   iotests/244: Don't store data-file with protocol in image
+   qcow2: Don't open data_file with BDRV_O_NO_IO (bsc#1227322, CVE-2024-4467)
+   target/arm: Fix FJCVTZS vs flush-to-zero
+   target/arm: Fix VCMLA Dd, Dn, Dm[idx]
+   i386/cpu: fixup number of addressable IDs for processor cores in the physical package
+   tests: Update our CI to use CentOS Stream 9 instead of 8
+   migration: Fix file migration with fdset
+   tcg/loongarch64: Fix tcg_out_movi vs some pcrel pointers
+   target/sparc: use signed denominator in sdiv helper
+   linux-user: Make TARGET_NR_setgroups affect only the current thread
+   accel/tcg: Fix typo causing tb-&gt;page_addr[1] to not be recorded
+   stdvga: fix screen blanking
+   hw/audio/virtio-snd: Always use little endian audio format
+   ui/gtk: Draw guest frame at refresh cycle
+   virtio-net: drop too short packets early
+   target/i386: fix size of EBP writeback in gen_enter()
+
+</description>
+  <package>qemu</package>
+  <package>qemu:qemu-linux-user</package>
+  <seperate_build_arch/>
+</patchinfo>