* update for stale data for HTTP-Body (briandfoy/cpan-security-adviso…

…ry#150) (from Stig)
briandfoy · Apr 1, 2024 · c6a6f17 · c6a6f17
1 parent 74a2b93
commit c6a6f17
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 21 deletions.
diff --git a/cpan-security-advisory b/cpan-security-advisory
diff --git a/lib/CPAN/Audit.pm b/lib/CPAN/Audit.pm
@@ -14,7 +14,7 @@ use CPAN::Audit::Version;
 use CPAN::Audit::Query;
 use CPAN::Audit::DB;
 
-our $VERSION = '20240401.001';
+our $VERSION = '20240401.002';
 
 sub new {
 	my( $class, %params ) = @_;

diff --git a/lib/CPAN/Audit/DB.pm b/lib/CPAN/Audit/DB.pm
@@ -1,12 +1,12 @@
-# created by util/generate at Mon Apr  1 07:48:09 2024
-# cpan-security-advisory +33fa0ed5215d48e3d7af27d94ebaced574126750
+# created by util/generate at Mon Apr  1 08:24:24 2024
+# cpan-security-advisory +c05f02aba5a2211845ebf7e440dc20960cf54fea
 #
 package CPAN::Audit::DB;
 
 use strict;
 use warnings;
 
-our $VERSION = '20240401.001';
+our $VERSION = '20240401.002';
 
 sub db {
 	{
@@ -31882,14 +31882,14 @@ sub db {
                        'HTTP-Body' => {
                                         'advisories' => [
                                                           {
-                                                            'affected_versions' => '>=1.08,<1.19',
+                                                            'affected_versions' => '>=1.08,<1.23',
                                                             'cves' => [
                                                                         'CVE-2013-4407'
                                                                       ],
-                                                            'description' => 'HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file\'s name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.
+                                                            'description' => 'HTTP::Body::Multipart in the HTTP-Body 1.08, 1.22, and earlier module for Perl uses the part of the uploaded file\'s name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.
 ',
                                                             'distribution' => 'HTTP-Body',
-                                                            'fixed_versions' => undef,
+                                                            'fixed_versions' => '>=1.23',
                                                             'id' => 'CPANSA-HTTP-Body-2013-4407',
                                                             'references' => [
                                                                               'https://security-tracker.debian.org/tracker/CVE-2013-4407',

diff --git a/lib/CPAN/Audit/DB.pm.gpg b/lib/CPAN/Audit/DB.pm.gpg
@@ -1,16 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 
-iQIzBAABCAAdFiEEdaq0LLoNfzfw1oht+D+NXoeLYEEFAmYKnvkACgkQ+D+NXoeL
-YEH5Dg/+OMI2gcTrRTdY2bzcpCd4IOHBPERp9f7Et5G/BF/uYv3ThwvwpQr3xKdK
-Doxo6U+qpfsizqUBBYI0BRUUXMQm4r1A0wNPAaQnm2rrNN7Z23rxRYvI2lTTxoAg
-3WKFQtVeuki69A3JSx1/K60Z88VHlVSQQTuz3TC9ch9pUWhTRa2zOqEl727GmAoO
-UIPC7SoBTOzOiZ2nGoc1+VtCwSeKL9M7dF8ur6IF6PEEBGCE6z3dXuxADfvCU0Hr
-iPfrcJR9/pOF+C5jqd5PjOYOhuq2TEZhUCWA49es+aIsSH0uky268LYOkBadTZ2D
-u2z6cTDWtUCpMSK1VEOF72Z8v2x9rBuxCY9VrK3lCmgMW0IOEYeofb9vUaUGHZ1c
-DWxntx2srjRTRUbtQCoIrDW/fIBaSW6+kJLhZDKvcHGeULVaTgZm5Uqx6Td5po4c
-EJBSAySAI8St97IkGyQwxQf75dNkbdpRN8Iw8VM+l82UrQ2OZDPuRt0+6zIuXCoZ
-EyWHS2/W8W3LYGFoz8oBaJ+TnQYziGQVdj7oOscsJRT9I7FlQY816kF3llRFodq8
-mYqJ1CTIvQxND5XR06uDwoHQsFMPgh45t62U2tzim3EF7+arOqzoKwjmnElDdMRE
-rGmviWDpW9HxGmn6tfn6gocVvBMkj1S/QgJoS1cxHo8BpzG6K6k=
-=pWmh
+iQIzBAABCAAdFiEEdaq0LLoNfzfw1oht+D+NXoeLYEEFAmYKp3gACgkQ+D+NXoeL
+YEHgJw/+Is2E+/3PDWLaa8ICOpkKQYUr+cIGVpUElzx29+WBTmxG3Wo2Cwnjd1Is
+3fXXcwksfz4T4pTJD0wfkPZBYi9mUmLSpOK2iEZEzk9f7o/L7O9QrwN5cYudYqsu
+t3EMmR4ylKP2RsrarhQstgZgIp5EJqMCRRC5WhAXcFnUPHjLrNTT9Aheub/8z6JC
+zLbXzLIIu9GK533/4NW0S/4Zy1CZ4dKpVi8Ar6IpXOvu8gyWLAet54s8tFpe0zWN
+KzdOhTMagNWAQC8N2t8ArsXdzbv7ElPn8Rtk0uU05V272d06bdCzABWiOhmWsvQx
+6ts38SK/Rj+BjSipLtTigGIchwtImCN2F2xWbzmIUaDSFoqZPUqJsAwoENiU1SR+
+vlScH/xm/3Af935g2LCL0TAxe7fncmawFK5UZ9pW08aoYT59b2kQiA3F6QBJFMbP
+iC+HUpAUcAt0TfvLq9eFzbWiYPdl+48tR5Accazos8fX7xX0MbR3aENPoPuf0vTa
+F1NcPAL1pPDnauXSQKOYmqkwKUL2qQNNvaf/O8cfAh88VG3XRLO8shU91AsEJBPB
+pdcU2d5aFYzWvod20hH+vWAa2k46/J8kKUis6w7MkoxwcLK0356liHIzCeT+bfAj
+yKtBY6u5bm/CwHs2l94CQDr/NzBCfR1UPggTdXSpaRnJh0dj1Wc=
+=uXTA
 -----END PGP SIGNATURE-----