From ${URL} : Quick Emulator(Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING' command. A guest user/process could use this flaw to leak host memory resulting in DoS. Upstream patch: --------------- -> https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg00154.html Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1415281 Commit: http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Added to an existing GLSA request.
This issue was resolved and addressed in GLSA 201702-28 at https://security.gentoo.org/glsa/201702-28 by GLSA coordinator Thomas Deutschmann (whissi).