From ${URL} : Quick Emulator(Qemu) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the Qemu process on the host leading to DoS. Upstream patch -------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1400829 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
this is in the 2.8.0 release
Stabilization will be happen as part of bug 601824.
Added to an existing GLSA request.
This issue was resolved and addressed in GLSA 201701-49 at https://security.gentoo.org/glsa/201701-49 by GLSA coordinator Aaron Bauman (b-man).