A vulnerability was discovered and corrected in xmlsec1: xslt.c in XML Security Library before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification . Packages for 2009.0 are provided as of the Extended Maintenance Program