From ${URL} : Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to memory leakage issue. It could occur via its '9p-handle' or '9p-proxy' backend drivers as they do not free their respective allocated data objects. A privileged user inside guest could use this flaw to leak host memory, thus affecting other services on the host and/or potentially crash the Qemu process on the host. Upstream patches: ----------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
this is in the 2.8.0 release
Stabilization will be happen as part of bug 601824.
Added to an existing GLSA request.
This issue was resolved and addressed in GLSA 201701-49 at https://security.gentoo.org/glsa/201701-49 by GLSA coordinator Aaron Bauman (b-man).
