[v2.5] CVE-2013-4407: perl-http-body
HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file’s name after the first “.” character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.
(from redmine: issue id 2458, created on 2013-12-03, closed on 2013-12-10)
main/perl-http-body: security fix CVE-2013-4407. Fixes #2458