| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2013-4407.patch | Allow only word characters in filename suffixes CVE-2013-4407: Allow only word characters in filename suffixes. An attacker able to upload files to a service that uses HTTP::Body::Multipart could use this issue to upload a file and create a specifically-crafted temporary filename on the server, that when processed without further validation, could allow execution of commands on the server. |
Salvatore Bonaccorso <carnil@debian.org> | no | debian upstream | vendor | 2015-05-22 |