rpms
/
qt5-qtbase
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fixed bz#1409600, stack overflow in QXmlSimpleReader, CVE-2016-10040

This commit is contained in:
Than Ngo 2017-07-06 15:05:37 +02:00
parent 6162fbda3f
commit 241e6ae46d
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
qt5-qtbase.spec
View File

@ -49,7 +49,7 @@ BuildRequires: pkgconfig(libsystemd)
Name: qt5-qtbase
Summary: Qt5 - QtBase components
Version: 5.9.0
Release: 3%{?dist}
Release: 4%{?dist}
# See LGPL_EXCEPTIONS.txt, for exception details
License: LGPLv2 with exceptions or GPLv3 with exceptions
@ -948,6 +948,9 @@ fi
%changelog
* Thu Jul 06 2017 Than Ngo <than@redhat.com> - 5.9.0-4
- fixed bz#1409600, stack overflow in QXmlSimpleReader, CVE-2016-10040
* Fri Jun 16 2017 Rex Dieter <rdieter@fedoraproject.org> - 5.9.0-3
- create_cmake.prf: adjust CMAKE_NO_PRIVATE_INCLUDES (#1456211,QTBUG-37417)

2
qtbase-opensource-src-5.3.2-QTBUG-35459.patch
View File

@ -7,7 +7,7 @@ diff -up qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h.QTBUG-35459 qtbase-ope
static const int dtdRecursionLimit = 2;
// The maximum amount of characters an entity value may contain, after expansion.
- static const int entityCharacterLimit = 1024;
+ static const int entityCharacterLimit = 65536;
+ static const int entityCharacterLimit = 4096;
const QString &string();
void stringClear();