From ${URL} : Quick Emulator(Qemu) built with the USB xHCI controller emulation support is vulnerable to a memory leakage issue. It could occur while doing a USB device unplug operation; Doing so repeatedly would result in leaking host memory, affecting other services on the host. A privileged user inside guest could use this flaw to cause a DoS on the host and/or potentially crash the Qemu process instance on the host. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Stabilization on #594368 commit 153ded7835ad0fbd8ec8a7552f90c973d1c2dd28 Author: Matthias Maier <tamiko@gentoo.org> Date: Mon Sep 26 21:01:29 2016 -0500 app-emulation/qemu: security fixes, bug #594520, bug #594368 CVE-2016-7466.patch # bug 594520 CVE-2016-7423.patch # bug 594368
This issue was resolved and addressed in GLSA 201611-11 at https://security.gentoo.org/glsa/201611-11 by GLSA coordinator Aaron Bauman (b-man).