From ${URL} : Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support is vulnerable to an information leakage issue. It could occur while processing transmit(tx) queue, when it reaches the end of packet. A privileged user inside guest could use this leak host memory bytes to a guest. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Fix applied to 2.7.0. Stabilization of 2.7.0 in #592430 commit ceb67390ecbe843f184b5bde6428cb9e2f3dcd81 Author: Matthias Maier <tamiko@gentoo.org> Date: Mon Sep 5 00:18:46 2016 -0500 app-emulation/qemu: apply patch for CVE-2016-6836, bug #591242 Package-Manager: portage-2.2.28
Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201609-01 at https://security.gentoo.org/glsa/201609-01 by GLSA coordinator Yury German (BlueKnight).