Archive-Zip 1.51
Security Advisories
CVE-2018-10860
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
- https://security-tracker.debian.org/tracker/CVE-2018-10860
- https://github.com/redhotpenguin/perl-Archive-Zip/pull/33
Severity: medium
Reported: 2018-06-28
Kwalitee Issues
- no_pax_headers
-
If you use Mac OS X >= 10.6, use gnu tar (/usr/bin/gnutar) to avoid PAX headers. It's also important to rename (shorten) long file names (>= 100 characters) in the distribution.
Error: PaxHeader/Archive-Zip-1.51,PaxHeader/Archive-Zip-1.51,Archive-Zip-1.51/PaxHeader/Changes,Archive-Zip-1.51/PaxHeader/Changes,Archive-Zip-1.51/PaxHeader/examples,Archive-Zip-1.51/PaxHeader/examples,Archive-Zip-1.51/PaxHeader/lib,Archive-Zip-1.51/PaxHeader/lib,Archive-Zip-1.51/PaxHeader/Makefile.PL,Archive-Zip-1.51/PaxHeader/Makefile.PL,Archive-Zip-1.51/PaxHeader/MANIFEST,Archive-Zip-1.51/PaxHeader/MANIFEST,Archive-Zip-1.51/PaxHeader/META.json,Archive-Zip-1.51/PaxHeader/META.json,Archive-Zip-1.51/PaxHeader/META.yml,Archive-Zip-1.51/PaxHeader/META.yml,Archive-Zip-1.51/PaxHeader/script,Archive-Zip-1.51/PaxHeader/script,Archive-Zip-1.51/PaxHeader/t,Archive-Zip-1.51/PaxHeader/t,Archive-Zip-1.51/t/PaxHeader/01_compile.t,Archive-Zip-1.51/t/PaxHeader/01_compile.t,Archive-Zip-1.51/t/PaxHeader/02_main.t,Archive-Zip-1.51/t/PaxHeader/02_main.t,Archive-Zip-1.51/t/PaxHeader/03_ex.t,Archive-Zip-1.51/t/PaxHeader/03_ex.t,Archive-Zip-1.51/t/PaxHeader/04_readmember.t,Archive-Zip-1.51/t/PaxHeader/04_readmember.t,Archive-Zip-1.51/t/PaxHeader/05_tree.t,Archive-Zip-1.51/t/PaxHeader/05_tree.t,Archive-Zip-1.51/t/PaxHeader/06_update.t,Archive-Zip-1.51/t/PaxHeader/06_update.t,Archive-Zip-1.51/t/PaxHeader/07_filenames_of_0.t,Archive-Zip-1.51/t/PaxHeader/07_filenames_of_0.t,Archive-Zip-1.51/t/PaxHeader/08_readmember_record_sep.t,Archive-Zip-1.51/t/PaxHeader/08_readmember_record_sep.t,Archive-Zip-1.51/t/PaxHeader/09_output_record_sep.t,Archive-Zip-1.51/t/PaxHeader/09_output_record_sep.t,Archive-Zip-1.51/t/PaxHeader/10_chmod.t,Archive-Zip-1.51/t/PaxHeader/10_chmod.t,Archive-Zip-1.51/t/PaxHeader/11_explorer.t,Archive-Zip-1.51/t/PaxHeader/11_explorer.t,Archive-Zip-1.51/t/PaxHeader/12_bug_47223.t,Archive-Zip-1.51/t/PaxHeader/12_bug_47223.t,Archive-Zip-1.51/t/PaxHeader/13_bug_46303.t,Archive-Zip-1.51/t/PaxHeader/13_bug_46303.t,Archive-Zip-1.51/t/PaxHeader/14_leading_separator.t,Archive-Zip-1.51/t/PaxHeader/14_leading_separator.t,Archive-Zip-1.51/t/PaxHeader/15_decrypt.t,Archive-Zip-1.51/t/PaxHeader/15_decrypt.t,Archive-Zip-1.51/t/PaxHeader/16_decrypt.t,Archive-Zip-1.51/t/PaxHeader/16_decrypt.t,Archive-Zip-1.51/t/PaxHeader/17_101092.t,Archive-Zip-1.51/t/PaxHeader/17_101092.t,Archive-Zip-1.51/t/PaxHeader/18_bug_92205.t,Archive-Zip-1.51/t/PaxHeader/18_bug_92205.t,Archive-Zip-1.51/t/PaxHeader/19_bug_101240.t,Archive-Zip-1.51/t/PaxHeader/19_bug_101240.t,Archive-Zip-1.51/t/PaxHeader/20_bug_github11.t,Archive-Zip-1.51/t/PaxHeader/20_bug_github11.t,Archive-Zip-1.51/t/PaxHeader/21_zip64.t,Archive-Zip-1.51/t/PaxHeader/21_zip64.t,Archive-Zip-1.51/t/PaxHeader/22_deflated_dir.t,Archive-Zip-1.51/t/PaxHeader/22_deflated_dir.t,Archive-Zip-1.51/t/PaxHeader/badjpeg,Archive-Zip-1.51/t/PaxHeader/badjpeg,Archive-Zip-1.51/t/PaxHeader/common.pm,Archive-Zip-1.51/t/PaxHeader/common.pm,Archive-Zip-1.51/t/PaxHeader/data,Archive-Zip-1.51/t/PaxHeader/data,Archive-Zip-1.51/t/data/PaxHeader/bad_github11.zip,Archive-Zip-1.51/t/data/PaxHeader/bad_github11.zip,Archive-Zip-1.51/t/data/PaxHeader/chmod.zip,Archive-Zip-1.51/t/data/PaxHeader/chmod.zip,Archive-Zip-1.51/t/data/PaxHeader/crypcomp.zip,Archive-Zip-1.51/t/data/PaxHeader/crypcomp.zip,Archive-Zip-1.51/t/data/PaxHeader/crypt.zip,Archive-Zip-1.51/t/data/PaxHeader/crypt.zip,Archive-Zip-1.51/t/data/PaxHeader/def.zip,Archive-Zip-1.51/t/data/PaxHeader/def.zip,Archive-Zip-1.51/t/data/PaxHeader/defstr.zip,Archive-Zip-1.51/t/data/PaxHeader/defstr.zip,Archive-Zip-1.51/t/data/PaxHeader/emptydef.zip,Archive-Zip-1.51/t/data/PaxHeader/emptydef.zip,Archive-Zip-1.51/t/data/PaxHeader/emptydefstr.zip,Archive-Zip-1.51/t/data/PaxHeader/emptydefstr.zip,Archive-Zip-1.51/t/data/PaxHeader/emptystore.zip,Archive-Zip-1.51/t/data/PaxHeader/emptystore.zip,Archive-Zip-1.51/t/data/PaxHeader/emptystorestr.zip,Archive-Zip-1.51/t/data/PaxHeader/emptystorestr.zip,Archive-Zip-1.51/t/data/PaxHeader/good_github11.zip,Archive-Zip-1.51/t/data/PaxHeader/good_github11.zip,Archive-Zip-1.51/t/data/PaxHeader/jar.zip,Archive-Zip-1.51/t/data/PaxHeader/jar.zip,Archive-Zip-1.51/t/data/PaxHeader/linux.zip,Archive-Zip-1.51/t/data/PaxHeader/linux.zip,Archive-Zip-1.51/t/data/PaxHeader/mkzip.pl,Archive-Zip-1.51/t/data/PaxHeader/mkzip.pl,Archive-Zip-1.51/t/data/PaxHeader/perl.zip,Archive-Zip-1.51/t/data/PaxHeader/perl.zip,Archive-Zip-1.51/t/data/PaxHeader/store.zip,Archive-Zip-1.51/t/data/PaxHeader/store.zip,Archive-Zip-1.51/t/data/PaxHeader/storestr.zip,Archive-Zip-1.51/t/data/PaxHeader/storestr.zip,Archive-Zip-1.51/t/data/PaxHeader/streamed.zip,Archive-Zip-1.51/t/data/PaxHeader/streamed.zip,Archive-Zip-1.51/t/data/PaxHeader/winzip.zip,Archive-Zip-1.51/t/data/PaxHeader/winzip.zip,Archive-Zip-1.51/t/data/PaxHeader/zip64.zip,Archive-Zip-1.51/t/data/PaxHeader/zip64.zip,Archive-Zip-1.51/t/badjpeg/PaxHeader/expected.jpg,Archive-Zip-1.51/t/badjpeg/PaxHeader/expected.jpg,Archive-Zip-1.51/t/badjpeg/PaxHeader/source.zip,Archive-Zip-1.51/t/badjpeg/PaxHeader/source.zip,Archive-Zip-1.51/script/PaxHeader/crc32,Archive-Zip-1.51/script/PaxHeader/crc32,Archive-Zip-1.51/lib/PaxHeader/Archive,Archive-Zip-1.51/lib/PaxHeader/Archive,Archive-Zip-1.51/lib/Archive/PaxHeader/Zip,Archive-Zip-1.51/lib/Archive/PaxHeader/Zip,Archive-Zip-1.51/lib/Archive/PaxHeader/Zip.pm,Archive-Zip-1.51/lib/Archive/PaxHeader/Zip.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/Archive.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/Archive.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/BufferedFileHandle.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/BufferedFileHandle.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/DirectoryMember.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/DirectoryMember.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/FAQ.pod,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/FAQ.pod,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/FileMember.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/FileMember.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/Member.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/Member.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/MemberRead.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/MemberRead.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/MockFileHandle.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/MockFileHandle.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/NewFileMember.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/NewFileMember.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/StringMember.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/StringMember.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/Tree.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/Tree.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/ZipFileMember.pm,Archive-Zip-1.51/lib/Archive/Zip/PaxHeader/ZipFileMember.pm,Archive-Zip-1.51/examples/PaxHeader/calcSizes.pl,Archive-Zip-1.51/examples/PaxHeader/calcSizes.pl,Archive-Zip-1.51/examples/PaxHeader/copy.pl,Archive-Zip-1.51/examples/PaxHeader/copy.pl,Archive-Zip-1.51/examples/PaxHeader/extract.pl,Archive-Zip-1.51/examples/PaxHeader/extract.pl,Archive-Zip-1.51/examples/PaxHeader/mailZip.pl,Archive-Zip-1.51/examples/PaxHeader/mailZip.pl,Archive-Zip-1.51/examples/PaxHeader/mfh.pl,Archive-Zip-1.51/examples/PaxHeader/mfh.pl,Archive-Zip-1.51/examples/PaxHeader/readScalar.pl,Archive-Zip-1.51/examples/PaxHeader/readScalar.pl,Archive-Zip-1.51/examples/PaxHeader/selfex.pl,Archive-Zip-1.51/examples/PaxHeader/selfex.pl,Archive-Zip-1.51/examples/PaxHeader/unzipAll.pl,Archive-Zip-1.51/examples/PaxHeader/unzipAll.pl,Archive-Zip-1.51/examples/PaxHeader/updateTree.pl,Archive-Zip-1.51/examples/PaxHeader/updateTree.pl,Archive-Zip-1.51/examples/PaxHeader/updateZip.pl,Archive-Zip-1.51/examples/PaxHeader/updateZip.pl,Archive-Zip-1.51/examples/PaxHeader/writeScalar.pl,Archive-Zip-1.51/examples/PaxHeader/writeScalar.pl,Archive-Zip-1.51/examples/PaxHeader/writeScalar2.pl,Archive-Zip-1.51/examples/PaxHeader/writeScalar2.pl,Archive-Zip-1.51/examples/PaxHeader/zip.pl,Archive-Zip-1.51/examples/PaxHeader/zip.pl,Archive-Zip-1.51/examples/PaxHeader/zipcheck.pl,Archive-Zip-1.51/examples/PaxHeader/zipcheck.pl,Archive-Zip-1.51/examples/PaxHeader/zipGrep.pl,Archive-Zip-1.51/examples/PaxHeader/zipGrep.pl,Archive-Zip-1.51/examples/PaxHeader/zipinfo.pl,Archive-Zip-1.51/examples/PaxHeader/zipinfo.pl,Archive-Zip-1.51/examples/PaxHeader/ziprecent.pl,Archive-Zip-1.51/examples/PaxHeader/ziprecent.pl,Archive-Zip-1.51/examples/PaxHeader/ziptest.pl,Archive-Zip-1.51/examples/PaxHeader/ziptest.pl
- has_readme
-
Add a README to the distribution. It should contain a quick description of your module and how to install it.
- use_warnings
-
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: Archive::Zip, Archive::Zip::Archive, Archive::Zip::BufferedFileHandle, Archive::Zip::DirectoryMember, Archive::Zip::FileMember, Archive::Zip::Member, Archive::Zip::MemberRead, Archive::Zip::MockFileHandle, Archive::Zip::NewFileMember, Archive::Zip::StringMember, Archive::Zip::Tree, Archive::Zip::ZipFileMember
- meta_yml_has_provides
-
Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.
- has_separate_license_file
-
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
Name | Abstract | Version | View |
---|---|---|---|
Archive::Zip | Provide an interface to ZIP archive files. | 1.51 | metacpan |
Archive::Zip::Archive | 1.51 | metacpan | |
Archive::Zip::BufferedFileHandle | 1.51 | metacpan | |
Archive::Zip::DirectoryMember | 1.51 | metacpan | |
Archive::Zip::FileMember | 1.51 | metacpan | |
Archive::Zip::Member | 1.51 | metacpan | |
Archive::Zip::MemberRead | A wrapper that lets you read Zip archive members as if they were files. | 1.51 | metacpan |
Archive::Zip::MockFileHandle | 1.51 | metacpan | |
Archive::Zip::NewFileMember | 1.51 | metacpan | |
Archive::Zip::StringMember | 1.51 | metacpan | |
Archive::Zip::Tree | (DEPRECATED) methods for adding/extracting trees using Archive::Zip | 1.51 | metacpan |
Archive::Zip::ZipFileMember | 1.51 | metacpan |