QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to
overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have
unspecified other impacts related to an "overflow," via certain Windows
executable programs, as demonstrated by qemu-dos.com.
Resolution for this issue is still in discussion upstream.
Any news here? 0.9.1 doesn't mention the fix in the changelog, otoh the last reply in the thread in $URL seems to contain a patch... maintainer, please advise.
(In reply to comment #2)
> Any news here? 0.9.1 doesn't mention the fix in the changelog, otoh the last
> reply in the thread in $URL seems to contain a patch... maintainer, please
0.10 in portage already
Yes, but did it fix this?
According to upstream's commit, 0.9.1 fixed this. That was 7 MAJOR versions ago so I have no idea when it was fixed in the tree.
6 years old and fixed in the tree 4 years ago. Can we get this wrapped up?
This issue was resolved and addressed in
GLSA 201408-17 at http://security.gentoo.org/glsa/glsa-201408-17.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).