From URL: Quick Emulator(Qemu) built with the Network Block Device(NBD) Server support is vulnerable to a crash via assertion failure. It could occur if a client sent undue data during initial connection negotiation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in DoS. Upstream patch: --------------- -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b Introduced by: -------------- -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19 Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/07/21/4
This CVE does not apply to any version currently in tree. Version 2.9.0 does not contain [1] [1] http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19
Please disregard my last comment.
commit 606c4d5b81243fb243bd38a21326e60c3318138c (HEAD -> master, origin/master, origin/HEAD) Author: Matthias Maier <tamiko@gentoo.org> Date: Wed Jul 26 13:53:25 2017 -0500 app-emulation/qemu: security patches CVE-2017-7539, bug #625850 CVE-2017-10664, bug #623016 CVE-2017-10806, bug #624088 Package-Manager: Portage-2.3.6, Repoman-2.3.3
I am sorry, the last patch for this issue was not functional - I reverted the change. At the moment it is not feasible to backport this upstream commit.
No vulnerable versions left in tree. Security please proceed.