Candidate: CVE-2011-1425
PublicDate: 2011-04-04 12:27:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1425
Description:
 xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in
 WebKit and other products, when XSLT is enabled, allows remote attackers to
 create or overwrite arbitrary files via vectors involving the libxslt
 output extension and a ds:Transform element during signature verification.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by: Nicolas Gregoire
Assigned-to: 
CVSS: 

Patches_xmlsec1:
 upstream: http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
 vendor: http://www.debian.org/security/2011/dsa-2219
upstream_xmlsec1: released (1.2.14-1.1)
dapper_xmlsec1: ignored (reached end-of-life)
hardy_xmlsec1: ignored (reached end-of-life)
karmic_xmlsec1: ignored (reached end-of-life)
lucid_xmlsec1: ignored (reached end-of-life)
maverick_xmlsec1: released (1.2.14-1+squeeze1build0.10.10.1)
natty_xmlsec1: released (1.2.14-1+squeeze1build0.11.04.1)
oneiric_xmlsec1: not-affected (1.2.14-1.1)
precise_xmlsec1: not-affected (1.2.14-1.1)
quantal_xmlsec1: not-affected (1.2.14-1.1)
raring_xmlsec1: not-affected (1.2.14-1.1)
saucy_xmlsec1: not-affected (1.2.14-1.1)
devel_xmlsec1: not-affected (1.2.14-1.1)