From ${URL} : Virgil 3d project, used by Quick Emulator(Qemu) to implement 3D GPU support for the virtio GPU, is vulnerable to an OOB array access issue. It could occur when creating vertex elements array in vrend_create_vertex_elements_state(). A guest user/process could use this flaw to crash the Qemu process instance resulting DoS. Upstream patch: --------------- -> https://cgit.freedesktop.org/virglrenderer/commit/?id=114688c526fe45f341d75ccd1d85473c3b08f7a7 Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/02/15/8 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
commit 07f72dae992b1dd9a13489da0238edd6bd5f6337 Author: Matthias Maier <tamiko@gentoo.org> Date: Wed May 3 00:55:44 2017 -0500 media-libs/virglrenderer: version bump to 0.6.0 This is a hand-packaged version of upstream commit 737c3350850ca4dbc5633b3bdb4118176ce59920 (version 0.6.0 with two additional security patches) containing fixes for the following security issues: CVE-2016-10163, bug #606996 CVE-2017-5580, bug #607022 CVE-2016-10214, bug #608734 CVE-2017-5957, bug #609400 CVE-2017-5956, bug #609402 CVE-2017-5993, bug #609492 CVE-2017-5994, bug #609494 CVE-2017-6210, bug #610678 CVE-2017-6209, bug #610680 CVE-2017-6386, bug #611378 CVE-2017-6355, bug #611380 CVE-2017-6317, bug #611382 Package-Manager: Portage-2.3.5, Repoman-2.3.2
This issue was resolved and addressed in GLSA 201707-06 at https://security.gentoo.org/glsa/201707-06 by GLSA coordinator Thomas Deutschmann (whissi).