From ${URL} : Quick Emulator(Qemu) built with the VMware-SVGA "chipset" emulation support is vulnerable to an OOB stack memory write issue. It could occur while processing VGA commands in 'vmsvga_fifo_run' routine. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS. Upstream fix: ------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01764.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Stabilization on bug #593038 commit eaeffb27d67769a089170dcc45ea3e8a4efb645b Author: Matthias Maier <tamiko@gentoo.org> Date: Fri Sep 9 21:23:22 2016 -0500 app-emulation/qemu: apply fix for CVE-2016-7170, bug #593284 Package-Manager: portage-2.2.28
Added to an existing GLSA Request. Maintainer(s), please drop the vulnerable version(s). - Cleanup in bug # 593038
This issue was resolved and addressed in GLSA 201609-01 at https://security.gentoo.org/glsa/201609-01 by GLSA coordinator Yury German (BlueKnight).