Heap-based buffer overflow in the Cirrus VGA implementation in (1)
KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might
allow local users to gain privileges by using the VNC console for a
connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this
issue exists because of an incorrect fix for CVE-2007-1320.
82 is added. This supposedly also fixes CVE-2007-5729 and CVE-2008-2382.
Changing whiteboard to noglsa as it's not a stable package.