From ${URL} : Quick Emulator built with the USB OHCI Emulation support is vulnerable to an infinite loop issue. It could occur while processing an endpoint list descriptor in ohci_service_ed_list(). A guest user/process could use this flaw to crash Qemu process resulting in DoS. Upstream patch: --------------- -> http://git.qemu.org/?p=qemu.git;a=commitdiff;h=26f670a244982335cc08943fb1ec099a2c81e42d Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/06/01/3 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
The fix is in upstream commit 26f670a244982335cc08943fb1ec099a2c81e42d which was already applied to the 2.9.0 release. Security, please add to existing GLSA (bug #616874 and others).
Added to an existing GLSA.
This issue was resolved and addressed in GLSA 201706-03 at https://security.gentoo.org/glsa/201706-03 by GLSA coordinator Yury German (BlueKnight).
