[v2.7] CVE-2013-4407: perl-http-body
HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file’s name after the first “.” character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.
•CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634
•DEBIAN:DSA-2801
•URL:http://www.debian.org/security/2013/dsa-2801
(from redmine: issue id 2460, created on 2013-12-03, closed on 2013-12-10)
- Relations:
- parent #2456 (closed)
- Changesets:
- Revision fc63abb7 on 2013-12-03T15:55:07Z:
main/perl-http-body: security fix CVE-2013-4407. Fixes #2460