A flaw was found in TinyXML2 6.2.0: a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. References: https://github.com/leethomason/tinyxml2/issues/675
Created tinyxml2 tracking bugs for this issue: Affects: epel-all [bug 1579560] Affects: fedora-all [bug 1579559]
It looks like this bug was closed upstream citing the fact that this was an incorrect use of the API. Should we still try to look for ways to mitigate the issue, or defer to upstream and close these bugs out?