See #549200 for more details.
I have already put in revbump ebuilds with the patch:
As maintainer, can you please decide which of the ebuilds you want to go stable, and call for arches as needed for that?
*** Bug 549402 has been marked as a duplicate of this bug. ***
vapier seems to be making most of the commits recently as a maintainer of the qemu herd.
I'd go for 2.2.1-r2
which versions do you want to go stable?
My vote is 2.1.3-r1 AND 2.2.1-r2
(In reply to Robin Johnson from comment #5)
just 2.2.1-r2. the 2.1.x series is going away bug 544328 already.
+ 14 May 2015; Agostino Sarubbo <email@example.com>
+ -files/qemu-2.1.2-vnc-sanitize-bits.patch, -qemu-2.1.2-r2.ebuild,
+ -qemu-2.1.3-r1.ebuild, -qemu-2.1.3.ebuild, -qemu-2.2.0.ebuild,
+ -qemu-2.2.1-r1.ebuild, -qemu-2.2.1.ebuild, -qemu-2.3.0.ebuild,
+ Stable for amd64/x86 - remove old.
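Review bot: The entry says "Stable for amd64/x86 - remove old." but every file named in the three lines above it is a removal (leading "-"), so the entry never says which ebuild was marked stable. Listing the stabilized ebuild alongside the removals would let the ChangeLog entry stand on its own for anyone auditing when the fixed version reached stable.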
Security, please file the GLSA request.
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier
and KVM, allows local guest users to cause a denial of service
(out-of-bounds write and guest crash) or possibly execute arbitrary code via
the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other
unspecified commands, aka VENOM.
Arches and Maintainer(s), Thank you for your work.
Added to an existing GLSA Request.
This issue was resolved and addressed in
GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01
by GLSA coordinator Kristian Fiskerstrand (K_F).