CVE-2011-2527 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2527): The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host. Upstream bug report: https://bugs.launchpad.net/qemu/+bug/807893
This affects current app-emulation/qemu-user ebuilds in the tree (but not app-emulation/qemu).
qemu-user has been removed from the tree as its functionality has been superseded by the combined app-emulation/qemu package. if you find the qemu package does not support something that the qemu-user package did, please file a new bug explicitly detailing things so we can get it added.