CVE-2013-4407: perl-http-body

HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file’s name after the first “.” character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.

•CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634
•DEBIAN:DSA-2801
•URL:http://www.debian.org/security/2013/dsa-2801

(from redmine: issue id 2456, created on 2013-12-03, closed on 2013-12-10)

Relations:
- child #2457 (closed)
- child #2458 (closed)
- child #2459 (closed)
- child #2460 (closed)
Changesets:
- Revision 213ebd00 by Natanael Copa on 2013-12-03T15:39:36Z:

main/perl-http-body: upgrade to 1.17 and fix CVE-2013-4407

ref #2456

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information