From the Secunia security advisory at $URL: Description: The weakness is caused due to a boundary error within the "scsi_disk_emulate_command()" function (hw/scsi-disk.c) of the SCSI subsystem and can be exploited to cause a buffer overflow and crash a guest by e.g. sending a specially crafted "READ CAPACITY" command.
Looks like this never affected a qemu 1.0 or newer release which we've had stable for some time.
This does affect current app-emulation/qemu-user ebuilds that are available in the tree however.
(In reply to comment #2)
> This does affect current app-emulation/qemu-user ebuilds that are available
> in the tree however.
Does this issue still affect current ebuilds?
app-emulation/qemu-user does not build any of the system emulator targets, thus this bug is not related to it.
GLSA vote: no (ancient version of qemu and doesn't affect qemu-user)
GLSA vote: no. Closing as noglsa.