The bdrv_open function in Qemu 1.0 does not properly handle the failure of
the mkstemp function, when in snapshot node, which allows local users to
overwrite or read arbitrary files via a symlink attack on an unspecified
Since is marked as [ebuild] would be great if you mention the fixed version next time
The referenced commit that fixes this appears in the 1.1 release. 1.1.1-r1 is stable on amd64. We're waiting on x86 for bug #428476.
Already on existing GLSA draft.
This issue was resolved and addressed in
GLSA 201210-04 at http://security.gentoo.org/glsa/glsa-201210-04.xml
by GLSA coordinator Stefan Behte (craig).