From ${URL} :

Qemu emulator built with the SCSI device emulation support is vulnerable to a stack buffer overflow issue. It could occur while parsing SCSI command descriptor block with an invalid operation code.

A privileged (CAP_SYS_RAWIO) user inside guest could use this flaw to crash the Qemu instance resulting in DoS.

Upstream fix:
---------------
-> https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
*qemu-2.3.0-r3 (25 Jul 2015)

  25 Jul 2015; Doug Goldstein <cardoe@gentoo.org>
  +files/qemu-2.3.0-CVE-2015-5158.patch, +qemu-2.3.0-r3.ebuild:
  Add fix from upstream for CVE-2015-5158 #555680 by Agostino Sarubbo.
Arches, please test and mark stable:
=app-emulation/qemu-2.3.0-r3
Target keywords : "amd64 x86"
Let's use bug 556052 for stabilization since it's a newer rev.
This issue was resolved and addressed in GLSA 201510-02 at https://security.gentoo.org/glsa/201510-02 by GLSA coordinator Kristian Fiskerstrand (K_F).