From ${URL} : Quick Emulator(Qemu) built with the VNC display driver support is vulnerable to an out-of-bounds memory access issue. It could occur while refreshing the vnc display surface area in 'vnc_refresh_server_surface'. A user/process inside guest could use this flaw to crash the Qemu process resulting in DoS. Older versions of Qemu are affected, latest upstream releases are not. Upstream patch: --------------- -> http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef -> http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7 Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/02/23/1 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Older versions of Qemu are affected, latest upstream releases are not. [...] These are patches from 2012 and 2014 respectively. No ebuild since mid 2015 is affected.
thank you tamiko. Closing!