Hi, I have an updated package at: https://www.beuc.net/tmp/debian-lts/qemu/ The packages appears globally stable with KVM and Xen. I found 1 regression: connecting to qemu's VNC server crashes the process. This means there's probably an issue among CVE-2017-15124's 10 patches :/ (on a positive note the memory exhaustion issue is definitely fixed ;)) I'm interested in backport details about this? Cheers! Sylvain