fixed bz#1409600, stack overflow in QXmlSimpleReader, CVE-2016-1004
This commit is contained in:
parent
0c24e255bb
commit
41dc0b76de
@ -6,7 +6,7 @@ diff -ur qt-everywhere-opensource-src-4.8.5-CVE-2013-4549/src/xml/sax/qxml.cpp q
|
||||
static const int dtdRecursionLimit = 2;
|
||||
// The maximum amount of characters an entity value may contain, after expansion.
|
||||
- static const int entityCharacterLimit = 1024;
|
||||
+ static const int entityCharacterLimit = 65536;
|
||||
+ static const int entityCharacterLimit = 4096;
|
||||
|
||||
const QString &string();
|
||||
void stringClear();
|
||||
|
5
qt.spec
5
qt.spec
@ -44,7 +44,7 @@ Summary: Qt toolkit
|
||||
Name: qt
|
||||
Epoch: 1
|
||||
Version: 4.8.7
|
||||
Release: 20%{?dist}
|
||||
Release: 21%{?dist}
|
||||
|
||||
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
|
||||
License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
|
||||
@ -1386,6 +1386,9 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Jul 11 2017 Than Ngo <than@redhat.com> - 1:4.8.7-21
|
||||
- fixed bz#1409600, stack overflow in QXmlSimpleReader, CVE-2016-1004
|
||||
|
||||
* Wed Nov 30 2016 Rex Dieter <rdieter@fedoraproject.org> - 4.8.7-20
|
||||
- FTBFS firebird
|
||||
- FTBFS openssl-1.1, bootstrap using -no-openssl (#1400196)
|
||||
|
Loading…
Reference in New Issue
Block a user