diff --git a/main/perl-http-body/APKBUILD b/main/perl-http-body/APKBUILD
index d78ff6b8e216aea54aa14308177a1878293b6599..7084cb82858e84197d1900b9a68ca7b504fe78e2 100644
--- a/main/perl-http-body/APKBUILD
+++ b/main/perl-http-body/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=perl-http-body
 pkgver=1.22
-pkgrel=1
+pkgrel=2
 pkgdesc="HTTP::Body perl module"
 url="https://search.cpan.org/dist/HTTP-Body/"
 arch="noarch"
@@ -10,9 +10,15 @@ license="GPL-2.0 or Artistic"
 depends="perl perl-http-message perl-uri"
 makedepends="perl-test-deep"
 subpackages="$pkgname-doc"
-source="https://search.cpan.org/CPAN/authors/id/G/GE/GETTY/HTTP-Body-$pkgver.tar.gz"
+source="
+	https://search.cpan.org/CPAN/authors/id/G/GE/GETTY/HTTP-Body-$pkgver.tar.gz
+	HTTP-Body-1.190.0-CVE-2013-4407.patch"
 builddir="$srcdir"/HTTP-Body-$pkgver
 
+# secfixes:
+#   1.22-r2:
+#     - CVE-2013-4407
+
 build() {
 	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor
 	make
@@ -27,4 +33,7 @@ package() {
 	find "$pkgdir" \( -name perllocal.pod -o -name .packlist \) -delete
 }
 
-sha512sums="62665989d76699a3c3747d8f4e23d2009488bc229220bcf6fc07fc425e6ac5118f6ea48c75af681c2f29e9ed644d7a7979368cc36df77aca0544786b523c9cfe  HTTP-Body-1.22.tar.gz"
+sha512sums="
+62665989d76699a3c3747d8f4e23d2009488bc229220bcf6fc07fc425e6ac5118f6ea48c75af681c2f29e9ed644d7a7979368cc36df77aca0544786b523c9cfe  HTTP-Body-1.22.tar.gz
+9e2988eb26b54588d314c9ea7511dfcb1c4d91cac60fda7db5f3c41ebf72d6b16cb1e3983817d63ea28b413f82489c3e69f332daab0ff049349ec97b4498bfae  HTTP-Body-1.190.0-CVE-2013-4407.patch
+"
diff --git a/main/perl-http-body/HTTP-Body-1.190.0-CVE-2013-4407.patch b/main/perl-http-body/HTTP-Body-1.190.0-CVE-2013-4407.patch
new file mode 100644
index 0000000000000000000000000000000000000000..292cac3aa6f46c0a22b0f8148b96f2b3c9a6f8b1
--- /dev/null
+++ b/main/perl-http-body/HTTP-Body-1.190.0-CVE-2013-4407.patch
@@ -0,0 +1,31 @@
+Description: Allow only word characters in filename suffixes
+ CVE-2013-4407: Allow only word characters in filename suffixes. An
+ attacker able to upload files to a service that uses
+ HTTP::Body::Multipart could use this issue to upload a file and create
+ a specifically-crafted temporary filename on the server, that when
+ processed without further validation, could allow execution of commands
+ on the server.
+Origin: vendor
+Bug: https://rt.cpan.org/Ticket/Display.html?id=88342
+Bug-Debian: http://bugs.debian.org/721634
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669
+Forwarded: no
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2013-10-21
+
+Updated by Andreas K. Huettel <dilfridge@gentoo.org> for HTTP-Body-1.19
+
+diff -ruN HTTP-Body-1.19.orig/lib/HTTP/Body/MultiPart.pm HTTP-Body-1.19/lib/HTTP/Body/MultiPart.pm
+--- HTTP-Body-1.19.orig/lib/HTTP/Body/MultiPart.pm	2013-12-06 16:07:25.000000000 +0100
++++ HTTP-Body-1.19/lib/HTTP/Body/MultiPart.pm	2014-11-30 23:17:19.652051615 +0100
+@@ -258,8 +258,8 @@
+ 
+ =cut
+ 
+-our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/;
+-#our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/;
++#our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/;
++our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/;
+ 
+ sub handler {
+     my ( $self, $part ) = @_;