diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
index 55e23ad..5e3e9b5 100644
--- a/app-emulation/qemu/Manifest
+++ b/app-emulation/qemu/Manifest
@@ -1 +1 @@
-DIST qemu-2.6.0.tar.bz2 25755267 SHA256 c9ac4a651b273233d21b8bec32e30507cb9cce7900841febc330956a1a8434ec SHA512 0d17075e52f7688cc05776ad7a76509d1f22ae8eda896fddb06c1fd6dea6da485422c8efb3ba118b054d9a413b7b02baba656a9131658dabdb71def50c92b215 WHIRLPOOL f9373bf66f67301787e7510ac161b0072ba7c7bc067e10215fb97a52524adaba0fcbc79a4c0cefac9c6e2b4e07380eb9d10f65ed6ce6867e43843043684231ed
+DIST qemu-2.7.0.tar.bz2 26867760 SHA256 326e739506ba690daf69fc17bd3913a6c313d9928d743bd8eddb82f403f81e53 SHA512 654acaa7b3724a288e5d7e2a26ab780d9c9ed9f647fba00a906cbaffbe9d58fd666f2d962514aa2c5b391b4c53811ac3170d2eb51727f090bd19dfe45ca9a9db WHIRLPOOL dcb3e5f7da89dd8e14d636d7ebd476e076e0043880bb9ea3fb1c03cb4bcd4e5c7d3c4719da26c3ce521e3a3db5ae671e86f198ac1bc3474e774d75504fef8b8d
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch
new file mode 100644
index 0000000..56f7435
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-6836.patch
@@ -0,0 +1,27 @@
+From: Li Qiang
+
+In Vmxnet3 device emulator while processing transmit(tx) queue,
+when it reaches end of packet, it calls vmxnet3_complete_packet.
+In that local 'txcq_descr' object is not initialised, which could
+leak host memory bytes a guest.
+
+Reported-by: Li Qiang
+Signed-off-by: Prasad J Pandit
+---
+ hw/net/vmxnet3.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
+index 90f6943..92f6af9 100644
+--- a/hw/net/vmxnet3.c
++++ b/hw/net/vmxnet3.c
+@@ -531,6 +531,7 @@ static void vmxnet3_complete_packet(VMXNET3State *s, int qidx, uint32_t tx_ridx)
+
+ VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, &s->txq_descr[qidx].comp_ring);
+
++ memset(&txcq_descr, 0, sizeof(txcq_descr));
+ txcq_descr.txdIdx = tx_ridx;
+ txcq_descr.gen = vmxnet3_ring_curr_gen(&s->txq_descr[qidx].comp_ring);
+
+--
+2.5.5
diff --git a/app-emulation/qemu/qemu-2.6.0.ebuild b/app-emulation/qemu/qemu-2.7.0.ebuild
similarity index 97%
rename from app-emulation/qemu/qemu-2.6.0.ebuild
rename to app-emulation/qemu/qemu-2.7.0.ebuild
index fc7f831..3d4d31f 100644
--- a/app-emulation/qemu/qemu-2.6.0.ebuild
+++ b/app-emulation/qemu/qemu-2.7.0.ebuild
@@ -1,5 +1,6 @@ # Copyright 1999-2016 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 +# $Id$ EAPI="5"
@@ -8,7 +9,7 @@ EAPI="5" PYTHON_COMPAT=( python2_7 ) PYTHON_REQ_USE="ncurses,readline" -PLOCALES="de_DE fr_FR hu it tr zh_CN" +PLOCALES="bg de_DE fr_FR hu it tr zh_CN" inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ user udev fcaps readme.gentoo pax-utils l10n
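Review bot: The new `memset(&txcq_descr, 0, sizeof(txcq_descr));` in vmxnet3_complete_packet carries no comment explaining why the whole struct is cleared, so a later cleanup could replace it with a `= { 0 }` initialiser or per-field assignments, neither of which is guaranteed to clear padding bytes. Given the patch description (an uninitialised descriptor leaking host memory to the guest), I would add `/* clear every byte, padding included, before the descriptor is handed to the guest */` above it. The patch header also has no Subject line and names no upstream commit or bug, so it would help to add a line such as `Upstream commit: <UPSTREAM_COMMIT_ID>, Gentoo bug: <BUG_ID>` for whoever has to decide when the patch can be dropped. vmxnet3_complete_packet starts and ends outside the inner hunk, so the write of txcq_descr to the completion ring is not visible here.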
@@ -27,7 +28,7 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" LICENSE="GPL-2 LGPL-2 BSD-2" SLOT="0" -IUSE="accessibility +aio alsa bluetooth +caps +curl debug +fdt glusterfs \ +IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \ gnutls gtk gtk2 infiniband iscsi +jpeg \ kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png pulseaudio python \
@@ -67,8 +68,12 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE} # # Older versions of gnutls are supported, but it's simpler to just require # the latest versions. This is also why we require nettle. +# +# TODO: Split out tools deps into another var. e.g. bzip2 is only used by +# system binaries and tools, not user binaries. COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)] sys-libs/zlib[static-libs(+)] + bzip2? ( app-arch/bzip2[static-libs(+)] ) xattr? ( sys-apps/attr[static-libs(+)] )" SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} >=x11-libs/pixman-0.28.0[static-libs(+)]
@@ -94,9 +99,9 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} vte? ( x11-libs/vte:2.90 ) ) ) - infiniband? ( sys-infiniband/librdmacm:=[static-libs(+)] ) + infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] ) iscsi? ( net-libs/libiscsi ) - jpeg? ( virtual/jpeg:=[static-libs(+)] ) + jpeg? ( virtual/jpeg:0=[static-libs(+)] ) lzo? ( dev-libs/lzo:2[static-libs(+)] ) ncurses? ( sys-libs/ncurses:0=[static-libs(+)] ) nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
@@ -330,9 +335,9 @@ src_prepare() { -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ Makefile Makefile.target || die - epatch "${FILESDIR}"/qemu-2.5.0-cflags.patch + epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch - + epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch # Fix ld and objcopy being called directly tc-export AR LD OBJCOPY
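Review bot: In the src_prepare hunk the added `epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch` takes the place of the blank line that was removed just before `# Fix ld and objcopy being called directly`, so that comment now appears to describe the CVE patch. I would keep the blank line and give the security patch its own comment, e.g. `# CVE-2016-6836: vmxnet3 info leak, drop once fixed in a release (bug <BUG_ID>)`. Because the file name is built from `${P}`, copying this ebuild to a later version makes epatch look for a file that does not exist; that presumably fails the build rather than silently skipping the fix, but the comment should say the patch must be re-checked on every bump. src_prepare starts and ends outside the hunk.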
@@ -395,6 +400,7 @@ qemu_src_configure() { conf_opts+=( $(conf_softmmu accessibility brlapi) $(conf_softmmu aio linux-aio) + $(conf_softmmu bzip2) $(conf_softmmu bluetooth bluez) $(conf_softmmu caps cap-ng) $(conf_softmmu curl)
@@ -465,6 +471,7 @@ qemu_src_configure() { --disable-linux-user --disable-system --disable-blobs + $(use_enable bzip2) ) static_flag="static" ;;
@@ -554,7 +561,6 @@ src_test() { qemu_python_install() { python_domodule "${S}/scripts/qmp/qmp.py" - python_doscript "${S}/scripts/kvm/kvm_stat" python_doscript "${S}/scripts/kvm/vmxcap" python_doscript "${S}/scripts/qmp/qmp-shell" python_doscript "${S}/scripts/qmp/qemu-ga-client"