From ${URL} : Quick Emulator(Qemu) built with the Network Block Device(NBD) Server support is vulnerable to a null pointer dereference issue. It could occur while releasing a client, which was not initialised due to failed negotiation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html -> https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE number is CVE-2017-9524
commit e67f10960bca69fdede54d77eb54c4ab72b98d08 Author: Matthias Maier <tamiko@gentoo.org> Date: Wed Jul 26 12:10:46 2017 -0500 app-emulation/qemu: security fixes CVE-2017-11334, bug #621292 CVE-2017-11434, bug #625614 CVE-2017-9503, bug #621184 CVE-2017-9524, bug #621292 Package-Manager: Portage-2.3.6, Repoman-2.3.3