oss-sec mailing list archives

Re: CVE Request: remote command-injection flaw in HTTP::Body::Multipart versions 1.08 and later


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 08 Oct 2013 01:24:19 -0600

On 10/07/2013 07:27 PM, Murray McAllister wrote:
Good morning,

A remote command-injection flaw was reported in
HTTP::Body::Multipart versions 1.08 and later:

- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634
- https://rt.cpan.org/Public/Bug/Display.html?id=88342
- https://bugzilla.redhat.com/show_bug.cgi?id=1005669

The affected code is noted in the Debian bug report.

Could a CVE please be assigned if one has not been already?

Thanks,

-- Murray McAllister / Red Hat Security Response Team

Please use CVE-2013-4407 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993