[3.8] xapian-core: Cross-site-scripting in queryparser/termgenerator_internal.cc (CVE-2018-0499)
A cross-site scripting vulnerability was found in
queryparser/termgenerator_internal.cc in Xapian xapian-core
before 1.4.6 due to incomplete HTML escaping by Xapian::MSet::snippet().
Fixed In Version:
xapian-core 1.4.6
References:
https://trac.xapian.org/wiki/SecurityFixes/2018-07-02
https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
(from redmine: issue id 9107, created on 2018-07-17, closed on 2019-05-04)
- Relations:
- copied_to #9105 (closed)
- parent #9105 (closed)
- Changesets:
- Revision 48c580dc by Natanael Copa on 2018-07-30T11:43:48Z:
community/xapian-core: security upgrade to 1.4.7 (CVE-2018-0499)
fixes #9107