Details inbound...
dlan has all patches staged and ready to push once the embargo is lifted. Bug contains highest severity rating.
fixed at version: app-emulation/xen-tools-4.6.4-r1 app-emulation/xen-tools-4.7.1-r1 app-emulation/xen-4.6.4-r1 app-emulation/xen-4.7.1-r1 https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82b8b15c1a208e5ddf328b45379485ce05a8a42a https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26d6129e0ba6eb72b12ec47528c8bcf5a108707a
Arches, please test and mark stable: =app-emulation/xen-4.6.4-r1 Target keyword only: "amd64" =app-emulation/xen-pvgrub-4.6.4 =app-emulation/xen-tools-4.6.4-r1 Target keywords: "amd64 x86"
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
old vulnerable versions has been already dropped. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2afbcada16e07467ab83d2881a4c05050e67784 https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7aaad79ffa0d1edf2a49e0d8e05426c9395e827e
This issue was resolved and addressed in GLSA 201612-56 at https://security.gentoo.org/glsa/201612-56 by GLSA coordinator Thomas Deutschmann (whissi).