Qemu PCIe bus support is vulnerable to a use-after-free flaw. It could occur via guest, when it tries to hotplug/hotunplug devices on the guest. A user able to add & delete Virtio block devices on a guest could use this flaw to crash the Qemu instance resulting in DoS. Upstream fix in ${URL}
qemu-2.1.0 is in the tree now. i think we should wait the normal 30 day period.
Stabilized in Bug # 520688
Arches and Mainter(s), Thank you for your work. Added to an existing GLSA request.
This issue was resolved and addressed in GLSA 201412-01 at http://security.gentoo.org/glsa/glsa-201412-01.xml by GLSA coordinator Kristian Fiskerstrand (K_F).