From ${URL} : Quick Emulator(Qemu) built with the MegaRAID SAS 8708EM2 Host Bus Adapter emulation support is vulnerable to an information leakage issue. It could occur while processing MegaRAID Firmware Interface(MFI) command to read device control information in 'megasas_ctrl_get_info'. A privileged user inside guest could use this flaw to leak host memory bytes. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2016/06/08/3 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
This same issue was addressed in CVE-2016-5337. *** This bug has been marked as a duplicate of bug 584094 ***