Project

General

Profile

Bug #9107

Bug #9105: xapian-core: Cross-site-scripting in queryparser/termgenerator_internal.cc (CVE-2018-0499)

[3.8] xapian-core: Cross-site-scripting in queryparser/termgenerator_internal.cc (CVE-2018-0499)

Added by Alicha CH 9 months ago. Updated 9 months ago.

Status:
Resolved
Priority:
Normal
Category:
Security
Target version:
Start date:
07/17/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

A cross-site scripting vulnerability was found in queryparser/termgenerator_internal.cc in Xapian xapian-core
before 1.4.6 due to incomplete HTML escaping by Xapian::MSet::snippet().

Fixed In Version:

xapian-core 1.4.6

References:

https://trac.xapian.org/wiki/SecurityFixes/2018-07-02
https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html


Related issues

Copied from Alpine Linux - Bug #9105: xapian-core: Cross-site-scripting in queryparser/termgenerator_internal.cc (CVE-2018-0499)Resolved07/17/2018

Associated revisions

Revision 48c580dc (diff)
Added by Natanael Copa 9 months ago

community/xapian-core: security upgrade to 1.4.7 (CVE-2018-0499)

fixes #9107

History

#1 Updated by Alicha CH 9 months ago

  • Copied from Bug #9105: xapian-core: Cross-site-scripting in queryparser/termgenerator_internal.cc (CVE-2018-0499) added

#2 Updated by Natanael Copa 9 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Francesco Colista 9 months ago

  • Category set to Security

Also available in: Atom PDF