Download
| Alert*
DSA-2219-1 xmlsec1 -- arbitrary file overwrite
Nicolas Gregoire discovered that the XML Security Library xmlsec allowed remote attackers to create or overwrite arbitrary files through specially crafted XML files using the libxslt output extension and a ds:Transform element during signature verification.
|