From ${URL} : Quick emulator(Qemu) built with the virtio framework is vulnerable to a null pointer dereference flaw. It could occur if the guest was to set the I/O descriptor buffer length to a large value. A privileged user inside guest could use this flaw to crash the Qemu instance on the host resulting in DoS. Upstream fix: ------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
commit b50850bf14489740441b408a2d45f6e64d724f7d Author: Matthias Maier <tamiko@gentoo.org> Date: Sat Sep 17 23:02:53 2016 -0500 app-emulation/qemu: security fixes, ebuild maintenance bug 593956: CVE-2016-7422 bug 593950: CVE-2016-7421 bug 590230: missing use depend opengl? ( media-libs/mesa[...,gbm] ) bug 575326: update to readme.gentoo-r1 eclass Package-Manager: portage-2.2.28
Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request. Maintainer(s), please drop the vulnerable version(s) - Cleanup Bug #593038
This issue was resolved and addressed in GLSA 201609-01 at https://security.gentoo.org/glsa/201609-01 by GLSA coordinator Yury German (BlueKnight).