Security Advisories (3)

CVE-2017-0373 (2017-05-10)

The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.

CPANSA-Config-Model-2017-01 (2017-05-10)

YAML or YAML::XS can be loaded automatically making it possible to run arbitrary code loading a specially crafted YAML file.

CVE-2017-0374 (2017-05-10)

Loads models from a local directory, making it possible to substitute the model.

Installation

Debian or Ubuntu

cme and most Config::Model modules are provided as Debian package. The following command will install the framework and all available models and UIs:

sudo apt-get install --install-recommends --install-suggests cme

Mac OSX

Config::Model is provided as ppm package by ActiveState:

Install perl from ActiveState
Update your $PATH variable to run ActiveState's perl
Run ppm to install Config::Model package

Windows

You can also install Config::Model from ActiveState. See the instructions for Mac OSX for details.

Fedora

Config::Model rpm on Fedora is severely oudated. See below for installation.

Other systems

For other systems, you should install Config::Model from CPAN:

cpanp install App::Cme
cpanp install Config::Model

To install Config::Model, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Config::Model

CPAN shell

perl -MCPAN -e shell
install Config::Model

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)