/ 
PAR-0.85
/ PAR::Packer
Security Advisories (2)
CVE-2011-4114 (2011-07-18)

PAR packed files are extracted to unsafe and predictable temporary directories (this bug was originally reported against PAR::Packer, but it applies to PAR as well).

CVE-2011-5060 (2012-01-13)

The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.

NAME

PAR::Packer - App::Packer backend for making PAR files

DESCRIPTION

This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files.

Currently, this module is used by the command line tool pp internally, as well as by the contributed contrib/gui_pp/gpp program. Improvements on documenting the API will be most appreciated.

SEE ALSO

PAR, pp

App::Packer, App::Packer::Backend

ACKNOWLEDGMENTS

Mattia Barbon for taking the first step in refactoring pp into App::Packer::Backend::PAR, and Edward S. Peschko for continuing the work that eventually became this module.

AUTHORS

Autrijus Tang <autrijus@autrijus.org>

http://par.perl.org/ is the official PAR website. You can write to the mailing list at <par@perl.org>, or send an empty mail to <par-subscribe@perl.org> to participate in the discussion.

Please submit bug reports to <bug-par@rt.cpan.org>.

COPYRIGHT

Copyright 2004 by Autrijus Tang <autrijus@autrijus.org>.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

See http://www.perl.com/perl/misc/Artistic.html