Nicolas Gregoire discovered that the XML Security Library xmlsec allowed remote attackers to create or overwrite arbitrary files through specially crafted XML files using the libxslt output extension and a ds:Transform element during signature verification.
For the oldstable distribution (lenny), this problem has been fixed in version 1.2.9-5+lenny1.
For the stable distribution (squeeze), this problem has been fixed in version 1.2.14-1+squeeze1.
For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 1.2.14-1.1.
We recommend that you upgrade your xmlsec1 packages.
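
The following is an added example, not part of the advisory and not xmlsec code: a pre-verification check that flags signatures whose ds:Transform elements request XSLT processing, so they can be rejected or logged before being handed to the verifier. The function names and sample documents are assumptions made for illustration, and the check assumes the application has no legitimate need for XSLT transforms; it complements the upgrade and does not replace it.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
XSLT_ALGORITHM = "http://www.w3.org/TR/1999/REC-xslt-19991116"  # XSLT transform URI in XML-DSig

def find_xslt_transforms(xml_text):
    """Return the URI of each Reference/RetrievalMethod that requests an XSLT transform."""
    # For untrusted input, a hardened parser (e.g. defusedxml) is preferable to plain ElementTree.
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    hits = []
    for transform in root.iter("{%s}Transform" % DSIG):
        if transform.get("Algorithm", "").strip() != XSLT_ALGORITHM:
            continue
        # ds:Transform -> ds:Transforms -> ds:Reference or ds:RetrievalMethod
        holder = parent.get(parent.get(transform))
        hits.append(holder.get("URI", "") if holder is not None else "")
    return hits

def safe_to_verify(xml_text):
    """Hypothetical gate: refuse documents whose signature asks for XSLT processing."""
    return not find_xslt_transforms(xml_text)

# Constructed samples: signature skeletons only, no digest or signature values.
_TEMPLATE = """<doc xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#payload"><ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
      <ds:Transform Algorithm="%s"/>
    </ds:Transforms></ds:Reference>
  </ds:SignedInfo></ds:Signature>
</doc>"""
SAMPLE_CLEAN = _TEMPLATE % "http://www.w3.org/2001/10/xml-exc-c14n#"
SAMPLE_XSLT = _TEMPLATE % XSLT_ALGORITHM

if __name__ == "__main__":
    for name, doc in (("clean", SAMPLE_CLEAN), ("xslt", SAMPLE_XSLT)):
        print(name, "verify" if safe_to_verify(doc) else "reject", find_xslt_transforms(doc))
```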