From ${URL} : Quick Emulator(Qemu) built with the CCID Card device emulator support is vulnerable to an integer overflow flaw. It could occur while passing message via command/responses packets to and from the host. A privileged user inside guest could use this flaw to crash the Qemu process on host resulting in DoS. Upstream patch: --------------- -> https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg01075.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/02/07/3 Commit fix: http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Added to an existing GLSA request.
This issue was resolved and addressed in GLSA 201702-28 at https://security.gentoo.org/glsa/201702-28 by GLSA coordinator Thomas Deutschmann (whissi).