CVE-2013-4407

Publication date 23 November 2013

Last updated 24 July 2024

Ubuntu priority

HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libhttp-body-perl	15.04 vivid	Not affected
	14.10 utopic	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Fixed 1.11-1+deb7u1build0.12.04.1
	10.04 LTS lucid	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2013-4407