PAR 0.81
Security Advisories
CVE-2011-4114
PAR packed files are extracted to unsafe and predictable temporary directories (this bug was originally reported against PAR::Packer, but it applies to PAR as well).
Fixed version: >=1.003
Reported: 2011-07-18
CVE-2011-5060
The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.
- http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog
- https://bugzilla.redhat.com/show_bug.cgi?id=753955
- https://rt.cpan.org/Public/Bug/Display.html?id=69560
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72435
Fixed version: >=1.003
Reported: 2012-01-13
Kwalitee Issues
- no_broken_module_install
Upgrade the bundled version of Module::Install to the most current release. Alternatively, you can switch to another build system / installer that does not suffer from this problem (ExtUtils::MakeMaker or Module::Build, both of which have their own set of problems).
- no_broken_auto_install
Upgrade the bundled version of Module::Install to at least 0.89, but preferably to the most current release. Alternatively, you can switch to another build system / installer that does not suffer from this problem (ExtUtils::MakeMaker or Module::Build, both of which have their own set of problems).
- use_strict
Add 'use strict' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules are strictly written.
Error: PAR::Filter, PAR::Heavy
- has_meta_json
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- use_warnings
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: App::Packer::Temp, PAR::Filter, PAR::Filter::Bleach, PAR::Filter::Bytecode, PAR::Filter::Obfuscate, PAR::Filter::PatchContent, PAR::Filter::PodStrip, PAR::Heavy
- consistent_version
Split the distribution, or fix the version numbers to make them consistent (use the highest version number to avoid version downgrade).
Error: 0.02,0.06,0.08,0.12,0.81
- meta_yml_has_provides
Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.
- meta_yml_has_repository_resource
Add a 'repository' resource to the META.yml via 'meta_add' accessor (for Module::Build) or META_ADD parameter (for ExtUtils::MakeMaker).
- has_separate_license_file
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
Name | Abstract | Version | View |
---|---|---|---|
App::Packer::Backend::PAR | | 0.06 | metacpan |
App::Packer::Temp | | 0.12 | metacpan |
PAR | Perl Archive Toolkit | 0.81 | metacpan |
PAR::Filter | Input filter for PAR | 0.02 | metacpan |
PAR::Filter::Bleach | Bleach filter | | metacpan |
PAR::Filter::Bytecode | Bytecode filter | | metacpan |
PAR::Filter::Obfuscate | Obfuscating filter | | metacpan |
PAR::Filter::PatchContent | Content patcher | | metacpan |
PAR::Filter::PodStrip | POD-stripping filter | | metacpan |
PAR::Heavy | PAR guts | 0.08 | metacpan |