rpms/qt
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fixed bz#1409600, stack overflow in QXmlSimpleReader, CVE-2016-1004

Browse Source
This commit is contained in:
Than Ngo 2017-07-11 10:17:14 +02:00
parent ec0ac4149e
commit 37a2aba837
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
qt-everywhere-opensource-src-4.8.5-QTBUG-35459.patch
View File

@ -6,7 +6,7 @@ diff -ur qt-everywhere-opensource-src-4.8.5-CVE-2013-4549/src/xml/sax/qxml.cpp q
static const int dtdRecursionLimit = 2;
// The maximum amount of characters an entity value may contain, after expansion.
- static const int entityCharacterLimit = 1024;
+ static const int entityCharacterLimit = 65536;
+ static const int entityCharacterLimit = 4096;
const QString &string();
void stringClear();

5
qt.spec
View File

@ -44,7 +44,7 @@ Summary: Qt toolkit
Name: qt
Epoch: 1
Version: 4.8.7
Release: 28%{?dist}
Release: 29%{?dist}
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
@ -1396,6 +1396,9 @@ fi
%changelog
* Tue Jul 11 2017 Than Ngo <than@redhat.com> - 1:4.8.7-29
- fixed bz#1409600, stack overflow in QXmlSimpleReader, CVE-2016-1004
* Mon May 15 2017 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:4.8.7-28
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_27_Mass_Rebuild