From 66a9352083f29737022d94a32a8edbc0db854aaa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sl=C3=A1vek=20Banko?= <slavek.banko@axis.cz>
Date: Thu, 26 Jul 2018 18:31:13 +0200
Subject: Fix security issue CVE-2016-10040 [taken from RedHat Qt3 patches]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
(cherry picked from commit 54809cd81b104eff743b46aa7fe8744cab46cf98)
---
 src/xml/qxml.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/xml')

diff --git a/src/xml/qxml.h b/src/xml/qxml.h
index 6d0bee8..dda718e 100644
--- a/src/xml/qxml.h
+++ b/src/xml/qxml.h
@@ -311,7 +311,7 @@ private:
     // for the DTD currently being parsed.
     static const uint dtdRecursionLimit = 2U;
     // The maximum amount of characters an entity value may contain, after expansion.
-    static const uint entityCharacterLimit = 65536U;
+    static const uint entityCharacterLimit = 4096U;
 
     const QString &string();
     void stringClear();
-- 
cgit v1.2.1