CVE-2012-2693 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2693): libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.
I've added the original RedHat bugzilla entry where I believe we discussed this originally. Unfortunately its locked so I can't confirm.
Just looking at the patches I believe fix this, it appears they are in 0.9.11.4 and 0.9.12.
FWIW, 0.9.12 and 0.9.11.4 are both in the tree and can be stabilized.
Thanks, Doug. Arches, please test and mark stable: =app-emulation/libvirt-0.9.11.4 =app-emulation/libvirt-0.9.12 Target KEYWORDS: "amd64 x86"
amd64 stable
x86 stable
Thanks, everyone. Closing noglsa for C4 rating.