Bug 1099925 (CVE-2018-0499) - VUL-0: CVE-2018-0499: xapian-core: A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().
Summary: VUL-0: CVE-2018-0499: xapian-core: A cross-site scripting vulnerability in qu...
Status: RESOLVED FIXED
Alias: CVE-2018-0499
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium; Severity: Normal
Target Milestone: ---
Assignee: Antonio Larrosa
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/209236/
Whiteboard: CVSSv3:SUSE:CVE-2018-0499:8.8:(AV:N/A...
Reported: 2018-07-03 05:42 UTC by Marcus Meissner
Modified: 2024-06-11 19:01 UTC

Found By: Security Response Team


Description Marcus Meissner 2018-07-03 05:42:36 UTC
CVE-2018-0499

A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in
Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by
Xapian::MSet::snippet().

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0499
https://trac.xapian.org/wiki/SecurityFixes/2018-07-02
https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
Comment 1 Antonio Larrosa 2018-07-03 09:50:58 UTC
I updated xapian-core/xapian-omega and xapian-bindings in server:search to 1.4.6 (which includes the fix for this issue) with sr 620422, 620423 and 620424 in order to submit them to Tumbleweed.

I submitted isr 168041 to SLE-15:Update to include the patch that fixes this issue.

SLE-12 is not affected since it has xapian-core 1.2.17, which isn't affected according to upstream (it doesn't even include the vulnerable method). The same happens to Leap 42.3 (which has xapian-core 1.2.21).
Comment 3 Alexander Bergmann 2019-07-19 10:17:28 UTC
@Antonio: Could you also submit version 1.4.6 to openSUSE Leap?