From ${URL} : Quick Emulator(Qemu) built with the MegaRAID SAS 8708EM2 Host Bus Adapter emulation support is vulnerable to a null pointer dereference issue. It could occur while processing megasas commands via megasas_command_complete(). A privileged user inside guest could use this flaw to crash the Qemu process on the host resulting in DoS. Upstream patches: ----------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html -> https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1459477 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
commit e67f10960bca69fdede54d77eb54c4ab72b98d08 Author: Matthias Maier <tamiko@gentoo.org> Date: Wed Jul 26 12:10:46 2017 -0500 app-emulation/qemu: security fixes CVE-2017-11334, bug #621292 CVE-2017-11434, bug #625614 CVE-2017-9503, bug #621184 CVE-2017-9524, bug #621292 Package-Manager: Portage-2.3.6, Repoman-2.3.3
