aboutsummaryrefslogtreecommitdiffstats
path: root/main/perl-http-body/CVE-2013-4407.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/perl-http-body/CVE-2013-4407.patch')
-rw-r--r--main/perl-http-body/CVE-2013-4407.patch26
1 files changed, 0 insertions, 26 deletions
diff --git a/main/perl-http-body/CVE-2013-4407.patch b/main/perl-http-body/CVE-2013-4407.patch
deleted file mode 100644
index 5071bac31a..0000000000
--- a/main/perl-http-body/CVE-2013-4407.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Description: Allow only word characters in filename suffixes
- CVE-2013-4407: Allow only word characters in filename suffixes. An
- attacker able to upload files to a service that uses
- HTTP::Body::Multipart could use this issue to upload a file and create
- a specifically-crafted temporary filename on the server, that when
- processed without further validation, could allow execution of commands
- on the server.
-Origin: vendor
-Bug: https://rt.cpan.org/Ticket/Display.html?id=88342
-Bug-Debian: http://bugs.debian.org/721634
-Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669
-Forwarded: no
-Author: Salvatore Bonaccorso <carnil@debian.org>
-Last-Update: 2013-10-21
-
---- a/lib/HTTP/Body/MultiPart.pm
-+++ b/lib/HTTP/Body/MultiPart.pm
-@@ -275,7 +275,7 @@
-
- if ( $filename ne "" ) {
- my $basename = (File::Spec->splitpath($filename))[2];
-- my $suffix = $basename =~ /[^.]+(\.[^\\\/]+)$/ ? $1 : q{};
-+ my $suffix = $basename =~ /(\.\w+(?:\.\w+)*)$/ ? $1 : q{};
-
- my $fh = File::Temp->new( UNLINK => 0, DIR => $self->tmpdir, SUFFIX => $suffix );
-