CVE-2020-7039 (https://nvd.nist.gov/vuln/detail/CVE-2020-7039): tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential arbitrary code execution.
This is probably already fixed, but wanted to file to make sure that we put a fix in place. Maintainers please confirm.
commit 91b9bba62a5dd73e32bd43434bdaebf8914579ff
Author: Matthias Maier <tamiko@gentoo.org>
Date: Fri Mar 13 13:21:03 2020 -0500

    app-emulation/qemu: update slirp to current master

    Bug: https://bugs.gentoo.org/709490
    Package-Manager: Portage-2.3.93, Repoman-2.3.20
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>
@maintainer(s), please advise if ready for stabilisation, or call yourself.
(In reply to Sam James (sec padawan) from comment #3)
> @maintainer(s), please advise if ready for stabilisation, or call yourself.
Ignore this!
This issue was resolved and addressed in GLSA 202005-02 at https://security.gentoo.org/glsa/202005-02 by GLSA coordinator Thomas Deutschmann (whissi).