See $URL.
fixed in *xen-tools-4.3.1-r5 (13 Feb 2014) *xen-tools-4.2.2-r7 (13 Feb 2014) see bug #500530
Fixed as part of Bug 500530. Adding to existing GLSA.
This issue was resolved and addressed in GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml by GLSA coordinator Mikle Kolyada (Zlogene).
CVE-2014-1950 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1950): Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.