From ${URL} : Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to a memory leakage issue. It could occur when calling v9fs_write call. A privileged user inside guest could use this flaw to leak the host memory bytes resulting in DoS for other services. Upstream patches: ----------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html Reference: ---------- -> http://wiki.qemu.org/Documentation/9psetup @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Arches, please stabilize =app-emulation/qemu-2.7.0-r6 Target keywords: "amd64 x86" commit cad0a6324b5d4a5954893dfd29b5b97ee7a361d3 Author: Matthias Maier <tamiko@gentoo.org> Date: Sat Nov 12 11:26:09 2016 -0600 app-emulation/qemu: security fixes, bug #598772 CVE-2016-9102, bug #598328 CVE-2016-9103, bug #598328 CVE-2016-9104, bug #598328 CVE-2016-9105, bug #598328 CVE-2016-9106, bug #598772 Package-Manager: portage-2.3.0
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
Commit e374c1ca4ae657866957ab34d42306ad61b29825 Author: Matthias Maier <tamiko@gentoo.org> Date: Sun Nov 13 11:17:38 2016 -0600 app-emulation/qemu: drop vulnerable 2.7.0-r5, bug #598772 Package-Manager: portage-2.3.0
GLSA Vote: No