From ${URL} :

Quick Emulator(Qemu) built with the Network Block Device(NBD) client support is vulnerable to a stack buffer overflow issue. It could occur while processing server's response to a 'NBD_OPT_LIST' request.

A malicious NBD server could use this issue to crash remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the Qemu process.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/02/15/2

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201704-01 at https://security.gentoo.org/glsa/201704-01 by GLSA coordinator Kristian Fiskerstrand (K_F).