/ 
PAR-0.72
/ App::Packer::Backend::PAR
Security Advisories (2)
CVE-2011-4114 (2011-07-18)

PAR packed files are extracted to unsafe and predictable temporary directories (this bug was originally reported against PAR::Packer, but it applies to PAR as well).

CVE-2011-5060 (2012-01-13)

The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.

NAME

App::Packer::Backend::PAR - App::Packer backend for PAR

DESCRIPTION

This module implements an App::Packer backend based on PAR.

While it currently only have a minimal subset of features in pp, the authors anticipate this module to carry over pp's tasks eventually, in a programmable, modular fashion.

AUTHORS

Autrijus Tang <autrijus@autrijus.org>, Mattia Barbon <MBARBON@cpan.org>

PAR has a mailing list, <par@perl.org>, that you can write to; send an empty mail to <par-subscribe@perl.org> to join the list and participate in the discussion.

Please send bug reports to <bug-par@rt.cpan.org>.

COPYRIGHT

Copyright 2003 by Autrijus Tang <autrijus@autrijus.org>.

Copyright 2002 by Mattia Barbon <MBARBON@cpan.org>.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

See http://www.perl.com/perl/misc/Artistic.html