From ${URL} :

Quick Emulator (Qemu) built with the VMWARE PVSCSI paravirtual SCSI bus emulation support is vulnerable to an infinite loop issue. It could occur while processing SCSI IO requests.

A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1376731

This issue was reported by Li Qiang of 360.cn Inc.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

commit b50850bf14489740441b408a2d45f6e64d724f7d
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Sat Sep 17 23:02:53 2016 -0500

    app-emulation/qemu: security fixes, ebuild maintenance

    bug 593956: CVE-2016-7422
    bug 593950: CVE-2016-7421
    bug 590230: missing use depend opengl? ( media-libs/mesa[...,gbm] )
    bug 575326: update to readme.gentoo-r1 eclass

    Package-Manager: portage-2.2.28

This issue was resolved and addressed in GLSA 201609-01 at https://security.gentoo.org/glsa/201609-01 by GLSA coordinator Yury German (BlueKnight).