oss-sec mailing list archives

CVE Request: remote command-injection flaw in HTTP::Body::Multipart versions 1.08 and later

From: Murray McAllister <mmcallis () redhat com>
Date: Tue, 08 Oct 2013 12:27:44 +1100

Good morning,

A remote command-injection flaw was reported in HTTP::Body::Multipartversions 1.08 and later:


- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634
- https://rt.cpan.org/Public/Bug/Display.html?id=88342
- https://bugzilla.redhat.com/show_bug.cgi?id=1005669

The affected code is noted in the Debian bug report.

Could a CVE please be assigned if one has not been already?

Thanks,

--
Murray McAllister / Red Hat Security Response Team

Current thread:

CVE Request: remote command-injection flaw in HTTP::Body::Multipart versions 1.08 and later Murray McAllister (Oct 07)
- Re: CVE Request: remote command-injection flaw in HTTP::Body::Multipart versions 1.08 and later Kurt Seifried (Oct 08)