From ${URL} : Description A vulnerability has been reported in Qemu, which can be exploited by malicious, local users in a guest virtual machine to disclose certain sensitive information. The vulnerability is caused due to an error within the qemu-nbd tool, which does not properly check the format specification when parsing a disk image and can be exploited to read arbitrary files from the host. The vulnerability is reported in versions prior to 1.4.1. Solution Update to version 1.4.1. Provided and/or discovered by Daniel Berrange, Red Hat in a GIT commit. Original Advisory http://git.qemu.org/?p=qemu.git;a=log;h=refs/tags/v1.4.1 https://bugzilla.redhat.com/show_bug.cgi?id=923219 @maintainer(s): after the bump, please say explicitly if the package is ready for the stabilization or not
This has been in the tree and ready for stabilization. This bug slipped through the cracks when my sons were born unfortunately. TARGET KEYWORDS: amd64 x86
*** Bug 471116 has been marked as a duplicate of this bug. ***
amd64: ok (build+run tested fine, repoman -d complains about dependencies btw)
amd64 stable
x86 stable
GLSA vote: no.
GLSA vote: no Closing as noglsa
