From ${URL} : Qemu emulator built with the PCI MSI-X support is vulnerable to null pointer dereference issue. It occurs when the controller attempts to write to the pending bit array(PBA) memory region. Because the MSI-X MMIO support did not define the .write method. A privileges used inside guest could use this flaw to crash the Qemu process resulting in DoS issue. Upstream fix: ------------- -> http://git.qemu.org/?p=qemu.git;a=commit;h=43b11a91dd861a946b231b89b754285 CVE-2015-7549 has been assigned to this issue by Red Hat Inc. This issue was reported by Qinghao Tang of QIHU 360 Marvel Team. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
fixed with 2.4.1-r2. fine for stable. http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75d0202d68b81bc06d451b574670d8374751789f
amd64/x86 stable Maintainer please cleanup
cleanup done by vapier
Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01 by GLSA coordinator Kristian Fiskerstrand (K_F).