- kvm-ide-atapi-check-logical-block-address-and-read-size-.patch [bz#1917449]
- Resolves: bz#1917449
  (CVE-2020-29443 qemu-kvm: QEMU: ide: atapi: OOB access while processing read commands [rhel-7.9.z])

- kvm-Suppress-prototype-warning-for-nss-headers.patch [bz#1884997]
- Resolves: bz#1884997
  (qemu-kvm FTBFS on rhel7.9)

- Fixing release number for z-stream

- kvm-vnc-fix-memory-leak-when-vnc-disconnect.patch [bz#1810408]
- Resolves: bz#1810408
  (CVE-2019-20382 qemu-kvm: QEMU: vnc: memory leakage upon disconnect [rhel-7])

- kvm-util-add-slirp_fmt-helpers.patch [bz#1798970]
- kvm-tcp_emu-fix-unsafe-snprintf-usages.patch [bz#1798970]
- Resolves: bz#1798970
  (CVE-2020-8608 qemu-kvm: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [rhel-7.8.z])

- kvm-tcp_emu-Fix-oob-access.patch [bz#1791560]
- kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch [bz#1791560]
- kvm-slirp-use-correct-size-while-emulating-commands.patch [bz#1791560]
- Resolves: bz#1791560
  (CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-7.8])

- kvm-target-i386-add-MDS-NO-feature.patch [bz#1755333]
- Resolves: bz#1755333
  ([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm [rhel-7.7.z])

- kvm-qxl-check-release-info-object.patch [bz#1732337]
- kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734748]
- Resolves: bz#1732337
  (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7] [rhel-7.7.z])
- Resolves: bz#1734748
  (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.7.z])

- Reverting kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618503]
- Resolves: bz#1618503
  (qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-7])

- kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1669067]
- kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch [bz#1669067]
- kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch [bz#1669067]
- kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1669067]
- Resolves: bz#1669067
  (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.6.z])

- kvm-target-i386-define-md-clear-bit-rhel.patch
- Resolves: bz#1693216
  (qemu-kvm: hardware: Microarchitectural Store Buffer Data Sampling)

- kvm-multiboot-bss_end_addr-can-be-zero.patch [bz#1549824]
- kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch [bz#1549824]
- kvm-multiboot-Use-header-names-when-displaying-fields.patch [bz#1549824]
- kvm-multiboot-fprintf-stderr.-error_report.patch [bz#1549824]
- kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch [bz#1549824]
- kvm-multiboot-Check-validity-of-mh_header_addr.patch [bz#1549824]
- kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586248]
- kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586248]
- Resolves: bz#1549824
  (CVE-2018-7550 qemu-kvm: Qemu: i386:  multiboot OOB access while loading kernel image [rhel-7.5.z])
- Resolves: bz#1586248
  (CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.5.z])

- kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch [bz#1584363]
- kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch [bz#1584363]
- Resolves: bz#1584363
  (CVE-2018-3639 qemu-kvm: hw: cpu: AMD: speculative store bypass [rhel-7.5.z])

- kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1574075]
- Resolves: bz#1574075
  (EMBARGOED CVE-2018-3639 qemu-kvm: Kernel: omega-4 [rhel-7.5.z])

- kvm-vga-add-ram_addr_t-cast.patch [bz#1567913]
- kvm-vga-fix-region-calculation.patch [bz#1567913]
- Resolves: bz#1567913
  (CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-7] [rhel-7.5.z])

- kvm-vnc-Fix-qemu-crashed-when-vnc-client-disconnect-sudd.patch [bz#1527405]
- kvm-fix-full-frame-updates-for-VNC-clients.patch [bz#1527405]
- kvm-vnc-update-fix.patch [bz#1527405]
- kvm-vnc-return-directly-if-no-vnc-client-connected.patch [bz#1527405]
- kvm-buffer-add-buffer_move_empty.patch [bz#1527405]
- kvm-buffer-add-buffer_move.patch [bz#1527405]
- kvm-vnc-kill-jobs-queue-buffer.patch [bz#1527405]
- kvm-vnc-jobs-move-buffer-reset-use-new-buffer-move.patch [bz#1527405]
- kvm-vnc-zap-dead-code.patch [bz#1527405]
- kvm-vnc-add-vnc_width-vnc_height-helpers.patch [bz#1527405]
- kvm-vnc-factor-out-vnc_update_server_surface.patch [bz#1527405]
- kvm-vnc-use-vnc_-width-height-in-vnc_set_area_dirty.patch [bz#1527405]
- kvm-vnc-only-alloc-server-surface-with-clients-connected.patch [bz#1527405]
- kvm-ui-fix-refresh-of-VNC-server-surface.patch [bz#1527405]
- kvm-ui-move-disconnecting-check-to-start-of-vnc_update_c.patch [bz#1527405]
- kvm-ui-remove-redundant-indentation-in-vnc_client_update.patch [bz#1527405]
- kvm-ui-avoid-pointless-VNC-updates-if-framebuffer-isn-t-.patch [bz#1527405]
- kvm-ui-track-how-much-decoded-data-we-consumed-when-doin.patch [bz#1527405]
- kvm-ui-introduce-enum-to-track-VNC-client-framebuffer-up.patch [bz#1527405]
- kvm-ui-correctly-reset-framebuffer-update-state-after-pr.patch [bz#1527405]
- kvm-ui-refactor-code-for-determining-if-an-update-should.patch [bz#1527405]
- kvm-ui-fix-VNC-client-throttling-when-audio-capture-is-a.patch [bz#1527405]
- kvm-ui-fix-VNC-client-throttling-when-forced-update-is-r.patch [bz#1527405]
- kvm-ui-place-a-hard-cap-on-VNC-server-output-buffer-size.patch [bz#1527405]
- kvm-ui-avoid-sign-extension-using-client-width-height.patch [bz#1527405]
- kvm-ui-correctly-advance-output-buffer-when-writing-SASL.patch [bz#1527405]
- kvm-io-skip-updates-to-client-if-websocket-output-buffer.patch [bz#1518711]
- Resolves: bz#1518711
  (CVE-2017-15268 qemu-kvm: Qemu: I/O: potential memory exhaustion via websock connection to VNC [rhel-7.5])
- Resolves: bz#1527405
  (CVE-2017-15124 qemu-kvm: Qemu: memory exhaustion through framebuffer update request message in VNC server [rhel-7.5])

- Fix CVE-2017-5715

- kvm-multiboot-validate-multiboot-header-address-values.patch [bz#1501120]
- Resolves: bz#1501120
  (CVE-2017-14167 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.4.z])

- kvm-qemu-nbd-Ignore-SIGPIPE.patch [bz#1468107]
- Resolves: bz#1468107
  (CVE-2017-10664 qemu-kvm: Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [rhel-7.4.z])