PAR 1.002
Security Advisories
CVE-2011-4114
PAR packed files are extracted to unsafe and predictable temporary directories (this bug was originally reported against PAR::Packer, but it applies to PAR as well).
Fixed version: >=1.003
Reported: 2011-07-18
CVE-2011-5060
The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.
- http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog
- https://bugzilla.redhat.com/show_bug.cgi?id=753955
- https://rt.cpan.org/Public/Bug/Display.html?id=69560
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72435
Fixed version: >=1.003
Reported: 2012-01-13
Kwalitee Issues
- meta_yml_conforms_to_known_spec
Take a look at the META.yml Spec at https://metacpan.org/pod/CPAN::Meta::History::Meta_1_4 (for version 1.4) or https://metacpan.org/pod/CPAN::Meta::Spec (for version 2), and change your META.yml accordingly.
Error: 'Module::Signature' for 'Digest' is not a valid version. (recommends -> Digest) [Validation: 1.4]
- use_strict
Add 'use strict' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules are strictly written.
Error: PAR::Heavy
- no_pod_errors
Remove the POD errors. You can check for POD errors automatically by including Test::Pod in your test suite.
Error: PAR-1.002/lib/PAR/FAQ.pod -- Around line 215: Non-ASCII character seen before =encoding in 'âicon'. Assuming UTF-8
- has_meta_json
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- use_warnings
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: PAR::Heavy
- consistent_version
Split the distribution, or fix the version numbers to make them consistent (use the highest version number to avoid version downgrade).
Error: 0.12,1.002
- meta_yml_has_repository_resource
Add a 'repository' resource to the META.yml via 'meta_add' accessor (for Module::Build) or META_ADD parameter (for ExtUtils::MakeMaker).
- has_separate_license_file
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.