See #549200 for more details. I have already put in revbump ebuilds with the patch: qemu-2.1.3-r1.ebuild, qemu-2.2.1-r2.ebuild, qemu-2.3.0-r1.ebuild.
Cardoe: as maintainer, can you please decide which of the ebuilds you want to go stable, and call for arches as needed for that.
*** Bug 549402 has been marked as a duplicate of this bug. ***
vapier seems to be making most of the commits recently as a maintainer of the qemu herd.
I'd go for 2.2.1-r2
vapier: which versions do you want to go stable? My vote is 2.1.3-r1 AND 2.2.1-r2
(In reply to Robin Johnson from comment #5) Just 2.2.1-r2. The 2.1.x series is going away (bug 544328) already.
+ 14 May 2015; Agostino Sarubbo <ago@gentoo.org> + -files/qemu-2.1.1-readlink-self.patch, + -files/qemu-2.1.2-vnc-sanitize-bits.patch, -qemu-2.1.2-r2.ebuild, + -qemu-2.1.3-r1.ebuild, -qemu-2.1.3.ebuild, -qemu-2.2.0.ebuild, + -qemu-2.2.1-r1.ebuild, -qemu-2.2.1.ebuild, -qemu-2.3.0.ebuild, + qemu-2.2.1-r2.ebuild: + Stable for amd64/x86 - remove old. Security please file the glsa request.
CVE-2015-3456 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456): The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01 by GLSA coordinator Kristian Fiskerstrand (K_F).