From ${URL} : Quick Emulator(Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_SET_SCANOUT:' command. A guest user/process could use this flaw to leak host memory resulting in Dos. Upstream patch: --------------- -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=dd248ed7e204ee8a1873914e02b8b526e8f1b80d Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/05/19/1 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
The fix is in upstream commit dd248ed7e204ee8a1873914e02b8b526e8f1b80d which was already applied to the 2.9.0 release. Security, please add to existing GLSA (bug #616874 and others).
Added to an existing GLSA.
This issue was resolved and addressed in GLSA 201706-03 at https://security.gentoo.org/glsa/201706-03 by GLSA coordinator Yury German (BlueKnight).