From 54809cd81b104eff743b46aa7fe8744cab46cf98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sl=C3=A1vek=20Banko?= <slavek.banko@axis.cz>
Date: Thu, 26 Jul 2018 18:31:13 +0200
Subject: Fix security issue CVE-2016-10040 [taken from RedHat Qt3 patches]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
---
 src/xml/qxml.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/xml/qxml.h b/src/xml/qxml.h
index 6d0bee8..dda718e 100644
--- a/src/xml/qxml.h
+++ b/src/xml/qxml.h
@@ -311,7 +311,7 @@ private:
     // for the DTD currently being parsed.
     static const uint dtdRecursionLimit = 2U;
     // The maximum amount of characters an entity value may contain, after expansion.
-    static const uint entityCharacterLimit = 65536U;
+    static const uint entityCharacterLimit = 4096U;
 
     const QString &string();
     void stringClear();
-- 
cgit v1.2.3