This update fixes CVE-2016-10040, a stack overflow in QXmlSimpleReader due to a too lenient entityCharacterLimit in our version of the patch for CVE-2013-4549. (The limit was increased from the upstream 1024 to 65536 to address QTBUG-35459, an issue where the security fix was breaking existing real-world XML files. Unfortunately, that is too much to actually fit on the CPU stack. This fix decreases the limit to 4096.)
It also fixes the QMySql driver to work with the version of MariaDB in Fedora 27.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2018-0a0da2f3b7
Please log in to add feedback.
This update has been submitted for testing by kkofler.
This update has been pushed to testing.
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
This update has been submitted for batched by kkofler.
This update has been submitted for stable by kkofler.
This update has been pushed to stable.