A cross-site scripting vulnerability was found in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 due to incomplete HTML escaping by Xapian::MSet::snippet(). References: https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html https://trac.xapian.org/wiki/SecurityFixes/2018-07-02
Created xapian-core tracking bugs for this issue: Affects: epel-all [bug 1597586] Affects: fedora-all [bug 1597585]