fixed bz#1409600, stack overflow in QXmlSimpleReader, CVE-2016-1004
parent
0c24e255bb
commit
41dc0b76de
|
@ -6,7 +6,7 @@ diff -ur qt-everywhere-opensource-src-4.8.5-CVE-2013-4549/src/xml/sax/qxml.cpp q
|
||||||
static const int dtdRecursionLimit = 2;
|
static const int dtdRecursionLimit = 2;
|
||||||
// The maximum amount of characters an entity value may contain, after expansion.
|
// The maximum amount of characters an entity value may contain, after expansion.
|
||||||
- static const int entityCharacterLimit = 1024;
|
- static const int entityCharacterLimit = 1024;
|
||||||
+ static const int entityCharacterLimit = 65536;
|
+ static const int entityCharacterLimit = 4096;
|
||||||
|
|
||||||
const QString &string();
|
const QString &string();
|
||||||
void stringClear();
|
void stringClear();
|
||||||
|
|
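Review bot: The new `+ static const int entityCharacterLimit = 4096;` line is a bare number, and nothing records why 4096 is safe where 65536 was not, so a later rebase of this patch could raise it again and reopen the stack overflow named in the commit title. I would extend the comment above the constant, for example `// Kept at 4096: the earlier 65536 allowed the stack overflow tracked in bz#1409600; do not raise without re-testing.` The code that enforces the limit is outside this hunk, so it should be confirmed that capping expanded characters actually bounds the stack use in the expansion path and does not merely make the reported test case pass. Documents whose entities expand past 4096 characters will presumably now fail to parse; that behaviour change deserves a mention next to the changelog entry.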
5
qt.spec
5
qt.spec
|
@ -44,7 +44,7 @@ Summary: Qt toolkit
|
||||||
Name: qt
|
Name: qt
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 4.8.7
|
Version: 4.8.7
|
||||||
Release: 20%{?dist}
|
Release: 21%{?dist}
|
||||||
|
|
||||||
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
|
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
|
||||||
License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
|
License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
|
||||||
|
@ -1386,6 +1386,9 @@ fi
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jul 11 2017 Than Ngo <than@redhat.com> - 1:4.8.7-21
|
||||||
|
- fixed bz#1409600, stack overflow in QXmlSimpleReader, CVE-2016-1004
|
||||||
|
|
||||||
* Wed Nov 30 2016 Rex Dieter <rdieter@fedoraproject.org> - 4.8.7-20
|
* Wed Nov 30 2016 Rex Dieter <rdieter@fedoraproject.org> - 4.8.7-20
|
||||||
- FTBFS firebird
|
- FTBFS firebird
|
||||||
- FTBFS openssl-1.1, bootstrap using -no-openssl (#1400196)
|
- FTBFS openssl-1.1, bootstrap using -no-openssl (#1400196)
|
||||||
|
|