
Bug 223649

Summary: <app-emulation/qemu-softmmu-0.9.1-r3: vulnerable to CVE-2007-1320 (heap based overflows in the Cirrus VGA extension)
Product: Gentoo Security
Reporter: Carlo Marcelo Arenas Belon <carenas>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED OBSOLETE
Severity: normal
CC: lu_zero
Priority: High
Version: unspecified
Hardware: All
OS: All
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1320
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Carlo Marcelo Arenas Belon 2008-05-26 06:58:53 UTC
Reported originally for qemu 0.8.2 (in Xen) but never patched in upstream qemu until:

  http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4340
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-07-01 08:38:14 UTC
Lu, does our qemu already contain this patch?
Comment 2 Luca Barbato gentoo-dev 2008-07-02 12:03:24 UTC
No, it doesn't. Let me have some days to fetch the related patch (and/or decide if it is worth providing a fresh snapshot).
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-07-02 23:19:27 UTC
Sure, ping back when you have it.
Comment 4 Doug Goldstein (RETIRED) gentoo-dev 2012-03-08 16:27:47 UTC
Removed from tree.
Comment 5 Sean Amoss (RETIRED) gentoo-dev Security 2012-03-10 00:36:25 UTC
Added to existing GLSA request
Comment 6 Doug Goldstein (RETIRED) gentoo-dev 2013-08-28 01:21:53 UTC
@security: 15 month follow up ping.