CVE-2010-0297 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0297): Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.
app-emulation/qemu-kvm-0.12.3 already has this fix. CVE-2010-0297: http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f
Well, qemu-kvm just takes qemu releases and patches their KVM support. So if the issue was present before 0.11.1, then qemu-kvm versions 0.11.0 and kvm-88 and older would be affected.
qemu and qemu-kvm got the patches. app-emulation/qemu-softmmu still has the vulnerable version of usb-linux.c. Could we bump to a newer version?