diff --git a/app-emulation/qemu/files/CVE-2014-5388.patch b/app-emulation/qemu/files/CVE-2014-5388.patch
new file mode 100644
index 0000000..3481e9e
--- /dev/null
+++ b/app-emulation/qemu/files/CVE-2014-5388.patch
@@ -0,0 +1,12 @@
+https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html
+--- hw/acpi/pcihp.c.orig	2014-08-27 12:53:38.200621592 +0000
++++ hw/acpi/pcihp.c	2014-08-27 12:53:58.390518561 +0000
+@@ -231,7 +231,7 @@
+     uint32_t val = 0;
+     int bsel = s->hotplug_select;
+ 
+-    if (bsel < 0 || bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) {
++    if (bsel < 0 || bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) {
+         return 0;
+     }
+ 
diff --git a/app-emulation/qemu/qemu-2.1.0.ebuild b/app-emulation/qemu/qemu-2.1.0-r1.ebuild
similarity index 99%
rename from app-emulation/qemu/qemu-2.1.0.ebuild
rename to app-emulation/qemu/qemu-2.1.0-r1.ebuild
index 040cc2d..8b5c7ea 100644
--- a/app-emulation/qemu/qemu-2.1.0.ebuild
+++ b/app-emulation/qemu/qemu-2.1.0-r1.ebuild
@@ -77,7 +77,7 @@ SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
 	jpeg? ( virtual/jpeg[static-libs(+)] )
 	lzo? ( dev-libs/lzo:2[static-libs(+)] )
 	ncurses? ( sys-libs/ncurses[static-libs(+)] )
-	nfs? ( net-fs/libnfs[static-libs(+)] )
+	nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
 	numa? ( sys-process/numactl[static-libs(+)] )
 	png? ( media-libs/libpng[static-libs(+)] )
 	rbd? ( sys-cluster/ceph[static-libs(+)] )
@@ -252,6 +252,7 @@ src_prepare() {
 	use nls || rm -f po/*.po
 
 	epatch "${FILESDIR}"/qemu-1.7.0-cflags.patch
+	epatch "${FILESDIR}"/CVE-2014-5388.patch
 	[[ -n ${BACKPORTS} ]] && \
 		EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
 			epatch