Errata overview
Errata ID 199
Date 2018-08-15
Source package xapian-core
Fixed in version 1.4.3-2+deb9u1
Description 
This update addresses the following issue:
* A cross-site scripting vulnerability exists due to incomplete HTML escaping
  by Xapian::MSet::snippet() (CVE-2018-0499)
Additional notes
CVE ID CVE-2018-0499
UCS Bug number #47489