/ 
PAR-0.83
/ PAR::Packer
Security Advisories (2)
CVE-2011-4114 (2011-07-18)

PAR packed files are extracted to unsafe and predictable temporary directories (this bug was originally reported against PAR::Packer, but it applies to PAR as well).

CVE-2011-5060 (2012-01-13)

The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.

NAME

PAR::Packer - App::Packer backend for making PAR files

DESCRIPTION

This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files.

Currently, this module is only used by the command line tool pp internally. Improvements on documenting the API are most welcome.

SEE ALSO

PAR, pp

App::Packer, App::Packer::Backend

ACKNOWLEDGMENTS

Mattia Barbon for taking the first step in refactoring pp into App::Packer::Backend::PAR, and Edward S. Peschko for continuing the work that eventually became this module.

AUTHORS

Autrijus Tang <autrijus@autrijus.org>

http://par.perl.org/ is the official PAR website. You can write to the mailing list at <par@perl.org>, or send an empty mail to <par-subscribe@perl.org> to participate in the discussion.

Please submit bug reports to <bug-par@rt.cpan.org>.

COPYRIGHT

Copyright 2004 by Autrijus Tang <autrijus@autrijus.org>.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

See http://www.perl.com/perl/misc/Artistic.html