Archives
Archives
| From: | "Andreas HAttel (dilfridge)" <dilfridge@g.o> |
|---|---|
| To: | gentoo-commits@l.g.o |
| Subject: | [gentoo-commits] gentoo-x86 commit in dev-perl/HTTP-Body/files: HTTP-Body-1.190.0-CVE-2013-4407.patch |
| Date: | Sun, 30 Nov 2014 22:20:53 |
| Message-Id: | 20141130222045.DBB7EB3EC@oystercatcher.gentoo.org |
| 1 | dilfridge 14/11/30 22:20:45 |
| 2 | |
| 3 | Added: HTTP-Body-1.190.0-CVE-2013-4407.patch |
| 4 | Log: |
| 5 | Version bump; add patch for bug 484310; remove old |
| 6 | |
| 7 | (Portage version: 2.2.14/cvs/Linux x86_64, signed Manifest commit with key EBE6A336BE19039C!) |
| 8 | |
| 9 | Revision Changes Path |
| 10 | 1.1 dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch |
| 11 | |
| 12 | file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch?rev=1.1&view=markup |
| 13 | plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch?rev=1.1&content-type=text/plain |
| 14 | |
| 15 | Index: HTTP-Body-1.190.0-CVE-2013-4407.patch |
| 16 | =================================================================== |
| 17 | Description: Allow only word characters in filename suffixes |
| 18 | CVE-2013-4407: Allow only word characters in filename suffixes. An |
| 19 | attacker able to upload files to a service that uses |
| 20 | HTTP::Body::Multipart could use this issue to upload a file and create |
| 21 | a specifically-crafted temporary filename on the server, that when |
| 22 | processed without further validation, could allow execution of commands |
| 23 | on the server. |
| 24 | Origin: vendor |
| 25 | Bug: https://rt.cpan.org/Ticket/Display.html?id=88342 |
| 26 | Bug-Debian: http://bugs.debian.org/721634 |
| 27 | Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669 |
| 28 | Forwarded: no |
| 29 | Author: Salvatore Bonaccorso <carnil@××××××.org> |
| 30 | Last-Update: 2013-10-21 |
| 31 | |
| 32 | Updated by Andreas K. Huettel <dilfridge@g.o> for HTTP-Body-1.19 |
| 33 | |
| 34 | diff -ruN HTTP-Body-1.19.orig/lib/HTTP/Body/MultiPart.pm HTTP-Body-1.19/lib/HTTP/Body/MultiPart.pm |
| 35 | --- HTTP-Body-1.19.orig/lib/HTTP/Body/MultiPart.pm 2013-12-06 16:07:25.000000000 +0100 |
| 36 | +++ HTTP-Body-1.19/lib/HTTP/Body/MultiPart.pm 2014-11-30 23:17:19.652051615 +0100 |
| 37 | @@ -258,8 +258,8 @@ |
| 38 | |
| 39 | =cut |
| 40 | |
| 41 | -our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/; |
| 42 | -#our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/; |
| 43 | +#our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/; |
| 44 | +our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/; |
| 45 | |
| 46 | sub handler { |
| 47 | my ( $self, $part ) = @_; |