CVE-2011-1425 in Ubuntu

CVE-2011-1425

Priority

Description

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in
WebKit and other products, when XSLT is enabled, allows remote attackers to
create or overwrite arbitrary files via vectors involving the libxslt
output extension and a ds:Transform element during signature verification.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1425

Notes

Package

Source: xmlsec1 (LP Ubuntu Debian)

Upstream:	released (1.2.14-1.1)
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (1.2.14-1.1)

Patches:

Upstream:	http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
Vendor:	http://www.debian.org/security/2011/dsa-2219

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-02-10 23:51:48 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)