- kvm-ide-atapi-check-logical-block-address-and-read-size-.patch [bz#1917449]
- Resolves: bz#1917449
  (CVE-2020-29443 qemu-kvm: QEMU: ide: atapi: OOB access while processing read commands [rhel-7.9.z])

- kvm-Suppress-prototype-warning-for-nss-headers.patch [bz#1884997]
- Resolves: bz#1884997
  (qemu-kvm FTBFS on rhel7.9)

- Fixing release number for z-stream

- kvm-vnc-fix-memory-leak-when-vnc-disconnect.patch [bz#1810408]
- Resolves: bz#1810408
  (CVE-2019-20382 qemu-kvm: QEMU: vnc: memory leakage upon disconnect [rhel-7])

- kvm-util-add-slirp_fmt-helpers.patch [bz#1798970]
- kvm-tcp_emu-fix-unsafe-snprintf-usages.patch [bz#1798970]
- Resolves: bz#1798970
  (CVE-2020-8608 qemu-kvm: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [rhel-7.8.z])

- kvm-tcp_emu-Fix-oob-access.patch [bz#1791560]
- kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch [bz#1791560]
- kvm-slirp-use-correct-size-while-emulating-commands.patch [bz#1791560]
- Resolves: bz#1791560
  (CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-7.8])

- kvm-target-i386-add-MDS-NO-feature.patch [bz#1755333]
- Resolves: bz#1755333
  ([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm [rhel-7.7.z])

- kvm-qxl-check-release-info-object.patch [bz#1732337]
- kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734748]
- Resolves: bz#1732337
  (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7] [rhel-7.7.z])
- Resolves: bz#1734748
  (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.7.z])

- Reverting kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618503]
- Resolves: bz#1618503
  (qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-7])

- kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1669067]
- kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch [bz#1669067]
- kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch [bz#1669067]
- kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1669067]
- Resolves: bz#1669067
  (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.6.z])

- kvm-target-i386-define-md-clear-bit-rhel.patch
- Resolves: bz#1693216
  (qemu-kvm: hardware: Microarchitectural Store Buffer Data Sampling)

- kvm-multiboot-bss_end_addr-can-be-zero.patch [bz#1549824]
- kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch [bz#1549824]
- kvm-multiboot-Use-header-names-when-displaying-fields.patch [bz#1549824]
- kvm-multiboot-fprintf-stderr.-error_report.patch [bz#1549824]
- kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch [bz#1549824]
- kvm-multiboot-Check-validity-of-mh_header_addr.patch [bz#1549824]
- kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586248]
- kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586248]
- Resolves: bz#1549824
  (CVE-2018-7550 qemu-kvm: Qemu: i386:  multiboot OOB access while loading kernel image [rhel-7.5.z])
- Resolves: bz#1586248
  (CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.5.z])

- kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch [bz#1584363]
- kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch [bz#1584363]
- Resolves: bz#1584363
  (CVE-2018-3639 qemu-kvm: hw: cpu: AMD: speculative store bypass [rhel-7.5.z])

- kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1574075]
- Resolves: bz#1574075
  (EMBARGOED CVE-2018-3639 qemu-kvm: Kernel: omega-4 [rhel-7.5.z])

- kvm-vga-add-ram_addr_t-cast.patch [bz#1567913]
- kvm-vga-fix-region-calculation.patch [bz#1567913]
- Resolves: bz#1567913
  (CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-7] [rhel-7.5.z])

- kvm-vnc-Fix-qemu-crashed-when-vnc-client-disconnect-sudd.patch [bz#1527405]
- kvm-fix-full-frame-updates-for-VNC-clients.patch [bz#1527405]
- kvm-vnc-update-fix.patch [bz#1527405]
- kvm-vnc-return-directly-if-no-vnc-client-connected.patch [bz#1527405]
- kvm-buffer-add-buffer_move_empty.patch [bz#1527405]
- kvm-buffer-add-buffer_move.patch [bz#1527405]
- kvm-vnc-kill-jobs-queue-buffer.patch [bz#1527405]
- kvm-vnc-jobs-move-buffer-reset-use-new-buffer-move.patch [bz#1527405]
- kvm-vnc-zap-dead-code.patch [bz#1527405]
- kvm-vnc-add-vnc_width-vnc_height-helpers.patch [bz#1527405]
- kvm-vnc-factor-out-vnc_update_server_surface.patch [bz#1527405]
- kvm-vnc-use-vnc_-width-height-in-vnc_set_area_dirty.patch [bz#1527405]
- kvm-vnc-only-alloc-server-surface-with-clients-connected.patch [bz#1527405]
- kvm-ui-fix-refresh-of-VNC-server-surface.patch [bz#1527405]
- kvm-ui-move-disconnecting-check-to-start-of-vnc_update_c.patch [bz#1527405]
- kvm-ui-remove-redundant-indentation-in-vnc_client_update.patch [bz#1527405]
- kvm-ui-avoid-pointless-VNC-updates-if-framebuffer-isn-t-.patch [bz#1527405]
- kvm-ui-track-how-much-decoded-data-we-consumed-when-doin.patch [bz#1527405]
- kvm-ui-introduce-enum-to-track-VNC-client-framebuffer-up.patch [bz#1527405]
- kvm-ui-correctly-reset-framebuffer-update-state-after-pr.patch [bz#1527405]
- kvm-ui-refactor-code-for-determining-if-an-update-should.patch [bz#1527405]
- kvm-ui-fix-VNC-client-throttling-when-audio-capture-is-a.patch [bz#1527405]
- kvm-ui-fix-VNC-client-throttling-when-forced-update-is-r.patch [bz#1527405]
- kvm-ui-place-a-hard-cap-on-VNC-server-output-buffer-size.patch [bz#1527405]
- kvm-ui-avoid-sign-extension-using-client-width-height.patch [bz#1527405]
- kvm-ui-correctly-advance-output-buffer-when-writing-SASL.patch [bz#1527405]
- kvm-io-skip-updates-to-client-if-websocket-output-buffer.patch [bz#1518711]
- Resolves: bz#1518711
  (CVE-2017-15268 qemu-kvm: Qemu: I/O: potential memory exhaustion via websock connection to VNC [rhel-7.5])
- Resolves: bz#1527405
  (CVE-2017-15124 qemu-kvm: Qemu: memory exhaustion through framebuffer update request message in VNC server [rhel-7.5])

- Fix CVE-2017-5715

- kvm-multiboot-validate-multiboot-header-address-values.patch [bz#1501120]
- Resolves: bz#1501120
  (CVE-2017-14167 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.4.z])

- kvm-qemu-nbd-Ignore-SIGPIPE.patch [bz#1468107]
- Resolves: bz#1468107
  (CVE-2017-10664 qemu-kvm: Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [rhel-7.4.z])

- kvm-Fix-memory-slot-page-alignment-logic-bug-1455745.patch [bz#1455745]
- kvm-Do-not-hang-on-full-PTY.patch [bz#1452067]
- kvm-serial-fixing-vmstate-for-save-restore.patch [bz#1452067]
- kvm-serial-reinstate-watch-after-migration.patch [bz#1452067]
- kvm-nbd-Fully-initialize-client-in-case-of-failed-negoti.patch [bz#1451614]
- kvm-nbd-Fix-regression-on-resiliency-to-port-scan.patch [bz#1451614]
- Resolves: bz#1451614
  (CVE-2017-9524 qemu-kvm: segment fault when private user nmap qemu-nbd server [rhel-7.4])
- Resolves: bz#1452067
  (migration can confuse serial port user)
- Resolves: bz#1455745
  (Backport fix for broken logic that's supposed to ensure memory slots are page aligned)

- kvm-nbd-Fully-initialize-client-in-case-of-failed-negoti.patch [bz#1460179]
- kvm-nbd-Fix-regression-on-resiliency-to-port-scan.patch [bz#1460179]
- Resolves: bz#1460179
  (CVE-2017-9524 qemu-kvm: Qemu: nbd: segmentation fault due to client non-negotiation [rhel-7.3.z])

- kvm-spice-fix-spice_chr_add_watch-pre-condition.patch [bz#1452332]
- Resolves: bz#1452332
  (RHEL 7.2 based VM (Virtual Machine) hung for several hours apparently waiting for lock held by main_loop)

- kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f.patch [bz#1430059]
- kvm-cirrus-vnc-zap-bitblit-support-from-console-code.patch [bz#1430059]
- kvm-cirrus-add-option-to-disable-blitter.patch [bz#1430059]
- kvm-cirrus-fix-cirrus_invalidate_region.patch [bz#1430059]
- kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt.patch [bz#1430059]
- kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt.patch [bz#1430059]
- kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran.patch [bz#1430059]
- Resolves: bz#1430059
  (CVE-2016-9603 qemu-kvm: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-7.3.z])

- kvm-cirrus-fix-patterncopy-checks.patch [bz#1420490]
- kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch [bz#1420490]
- kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch [bz#1420490]
- Resolves: bz#1420490
  (EMBARGOED CVE-2017-2620 qemu-kvm: Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo [rhel-7.3.z])

- kvm-net-check-packet-payload-length.patch [bz#1398217]
- Resolves: bz#1398217
  (CVE-2016-2857 qemu-kvm: Qemu: net: out of bounds read in net_checksum_calculate() [rhel-7.3.z])

- kvm-virtio-recalculate-vq-inuse-after-migration.patch [bz#1376542]
- Resolves: bz#1376542
  (RHSA-2016-1756 breaks migration of instances)

- kvm-block-iscsi-avoid-potential-overflow-of-acb-task-cdb.patch [bz#1358996]
- Resolves: bz#1358996
  (CVE-2016-5126 qemu-kvm: Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl [rhel-7.2.z])

- kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331412]
- kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1331412]
- kvm-vga-add-vbe_enabled-helper.patch [bz#1331412]
- kvm-vga-factor-out-vga-register-setup.patch [bz#1331412]
- kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331412]
- kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch [bz#1331412]
- Resolves: bz#1331412
  (EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-7.2.z])

- kvm-fw_cfg-add-check-to-validate-current-entry-value-CVE.patch [bz#1298047]
- Resolves: bz#1298047
  (CVE-2016-1714 qemu-kvm: Qemu: nvram: OOB r/w access in processing firmware configurations [rhel-7.2.z])

- Eliminated rpmbuild "bogus date" error due to inconsistent weekday,
  by assuming the date is correct and changing the weekday.

- Eliminated rpmbuild "bogus date" error due to inconsistent weekday,
  by assuming the date is correct and changing the weekday.

- Eliminated rpmbuild "bogus date" error due to inconsistent weekday,
  by assuming the date is correct and changing the weekday.

- kvm-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch [bz#1219269]
- Resolves: bz#1219269
  (EMBARGOED CVE-2015-3456 qemu-kvm: qemu: floppy disk controller flaw [rhel-7.1.z])