oss-sec mailing list archives
Re: CVE Request: remote command-injection flaw in HTTP::Body::Multipart versions 1.08 and later
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 08 Oct 2013 01:24:19 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/07/2013 07:27 PM, Murray McAllister wrote:
Good morning, A remote command-injection flaw was reported in HTTP::Body::Multipart versions 1.08 and later: - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634 - https://rt.cpan.org/Public/Bug/Display.html?id=88342 - https://bugzilla.redhat.com/show_bug.cgi?id=1005669 The affected code is noted in the Debian bug report. Could a CVE please be assigned if one has not been already? Thanks, -- Murray McAllister / Red Hat Security Response Team
Please use CVE-2013-4407 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJSU7MjAAoJEBYNRVNeJnmTtnYQAMi9iBQ+KcfggCxGl5+XCUwv MCLwF2ULA+JvE/xttbEEEUs7aTyuH6eD59PDlZ6YQWZNFg1oEv93s1tDY9S8/DIL xGy0BD6NK5rEL+EdBWlltarB2EvKE3Ow+wtn7Gw4YDh0cv42jpIbJ/rf5bbqGYXz wZ4/Z5du+3GD9CxK1FUNlFrfy1bi+D57ZTmyw7DtVxoiHNppxXNsosHVd0ruuNVe pzg2ABjFWCAfZMShoU8r0egFtm+VSfGwcRMsYHZyqhiQmeKNu+dpLCLhJTPHJXgW hLUdrq0/m5K+BaF8SPsEdTiIKgd5e9gxffDKq0sSJgW0ZwBGtMKB/vNYLA23Chlg 0WAiaxg3rceAMZMERNIdFmawEBEPtrSRJDBrTrXcGgvvZVqSG2y4BKEyC+ebsK5J 6Ips8qOxFigTvyeoXATGefvs47/94arPH9e17ckOA3QhCLTgyxtZt4ZlfdPcK5Nx HjcAAhByp/5Zgs4Qk4XMhx8CvlIwBd9q99Jo3Qiqw4LkZ/mf1rO/MqIMp58bHCdf EjTsEBzasJswFba9/ZQ36qJZgeCUQMmuxjuaZ3n5Q6R+NWJJZixY/Pt0YWfUofSJ 1C1r81wpdQ68frh1LeFHdm3hCYLm2W8H5y1fuC+xTZVykkSjwj+ea6c6dQ8zCCKF g3UqUiz9gSK6g8MZLFJZ =pp0O -----END PGP SIGNATURE-----
Current thread:
- CVE Request: remote command-injection flaw in HTTP::Body::Multipart versions 1.08 and later Murray McAllister (Oct 07)
- Re: CVE Request: remote command-injection flaw in HTTP::Body::Multipart versions 1.08 and later Kurt Seifried (Oct 08)