CVE-2013-4407: perl-http-body
HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file’s name after the first “.” character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.
•CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634
•DEBIAN:DSA-2801
•URL:http://www.debian.org/security/2013/dsa-2801
(from redmine: issue id 2456, created on 2013-12-03, closed on 2013-12-10)
- Relations:
- child #2457 (closed)
- child #2458 (closed)
- child #2459 (closed)
- child #2460 (closed)
- Changesets:
- Revision 213ebd00 by Natanael Copa on 2013-12-03T15:39:36Z:
main/perl-http-body: upgrade to 1.17 and fix CVE-2013-4407
ref #2456