From ${URL} : Quick emulator(Qemu) built with the USB xHCI controller emulator support is vulnerable to an infinite loop issue. It could occur while processing control transfer descriptors' sequence in xhci_kick_epctx. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/02/13/11 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201704-01 at https://security.gentoo.org/glsa/201704-01 by GLSA coordinator Kristian Fiskerstrand (K_F).
