From ${URL} : Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support is vulnerable to an out-of-bounds access issue. It could occur while stripping VLAN header from 'eth_buf' buffer in receiving packets. A remote user/process could use this issue to crash Qemu process instance resulting in DoS. Note:- It requires 'VLANSTRIP' feature is enabled on the vmxnet3 device. Upstream patch: --------------- -> https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg03527.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/02/17/2 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201704-01 at https://security.gentoo.org/glsa/201704-01 by GLSA coordinator Kristian Fiskerstrand (K_F).