diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 20:57:42 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 20:57:42 +0100 |
commit | 1798c4aeca70ac8d0a243684d6a798fbc65735f8 (patch) | |
tree | e48e19cb6fa03de18e1c63e1a93371b7ebc4eb56 /dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch | |
parent | d87262dd706fec50cd150aab3e93883b6337466d (diff) |
gentoo resync : 14.07.2018
Diffstat (limited to 'dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch')
-rw-r--r-- | dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch | 31 |
1 files changed, 0 insertions, 31 deletions
diff --git a/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch b/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch deleted file mode 100644 index 292cac3aa6f4..000000000000 --- a/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch +++ /dev/null @@ -1,31 +0,0 @@ -Description: Allow only word characters in filename suffixes - CVE-2013-4407: Allow only word characters in filename suffixes. An - attacker able to upload files to a service that uses - HTTP::Body::Multipart could use this issue to upload a file and create - a specifically-crafted temporary filename on the server, that when - processed without further validation, could allow execution of commands - on the server. -Origin: vendor -Bug: https://rt.cpan.org/Ticket/Display.html?id=88342 -Bug-Debian: http://bugs.debian.org/721634 -Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669 -Forwarded: no -Author: Salvatore Bonaccorso <carnil@debian.org> -Last-Update: 2013-10-21 - -Updated by Andreas K. Huettel <dilfridge@gentoo.org> for HTTP-Body-1.19 - -diff -ruN HTTP-Body-1.19.orig/lib/HTTP/Body/MultiPart.pm HTTP-Body-1.19/lib/HTTP/Body/MultiPart.pm ---- HTTP-Body-1.19.orig/lib/HTTP/Body/MultiPart.pm 2013-12-06 16:07:25.000000000 +0100 -+++ HTTP-Body-1.19/lib/HTTP/Body/MultiPart.pm 2014-11-30 23:17:19.652051615 +0100 -@@ -258,8 +258,8 @@ - - =cut - --our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/; --#our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/; -+#our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/; -+our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/; - - sub handler { - my ( $self, $part ) = @_; |