aboutsummaryrefslogtreecommitdiffstats
path: root/main/perl-http-body/CVE-2013-4407.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/perl-http-body/CVE-2013-4407.patch')
-rw-r--r--main/perl-http-body/CVE-2013-4407.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/main/perl-http-body/CVE-2013-4407.patch b/main/perl-http-body/CVE-2013-4407.patch
new file mode 100644
index 0000000000..5071bac31a
--- /dev/null
+++ b/main/perl-http-body/CVE-2013-4407.patch
@@ -0,0 +1,26 @@
+Description: Allow only word characters in filename suffixes
+ CVE-2013-4407: Allow only word characters in filename suffixes. An
+ attacker able to upload files to a service that uses
+ HTTP::Body::Multipart could use this issue to upload a file and create
+ a specifically-crafted temporary filename on the server, that when
+ processed without further validation, could allow execution of commands
+ on the server.
+Origin: vendor
+Bug: https://rt.cpan.org/Ticket/Display.html?id=88342
+Bug-Debian: http://bugs.debian.org/721634
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669
+Forwarded: no
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2013-10-21
+
+--- a/lib/HTTP/Body/MultiPart.pm
++++ b/lib/HTTP/Body/MultiPart.pm
+@@ -275,7 +275,7 @@
+
+ if ( $filename ne "" ) {
+ my $basename = (File::Spec->splitpath($filename))[2];
+- my $suffix = $basename =~ /[^.]+(\.[^\\\/]+)$/ ? $1 : q{};
++ my $suffix = $basename =~ /(\.\w+(?:\.\w+)*)$/ ? $1 : q{};
+
+ my $fh = File::Temp->new( UNLINK => 0, DIR => $self->tmpdir, SUFFIX => $suffix );
+