[Bug 753955] CVE-2011-4114 perl-PAR-Packer: insecure temporary directory handling
bugzilla at redhat.com
bugzilla at redhat.com
Tue Dec 6 14:23:40 UTC 2011
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=753955
--- Comment #9 from Petr Pisar <ppisar at redhat.com> 2011-12-06 09:23:39 EST ---
How to test:
Create /tmp/par-$(USER) directory with 0777 mode (or owned by different user,
or create an other user's symlink). Create a PAR archive from a perl script (pp
--par SCRIPT).
Test perl-PAR by running `perl -MPAR=./a.par SCRIPT'. Test perl-PAR-Packer by
running `parl ./a.par'.
For unknown reason, you might need perl-PAR-Packer to get running SCRIPT from
./a.par by -MPAR=.
For unknown reason, old parl might not work because of perl version mismatch.
(This becomes fixed after rebuilding old perl-PAR-Packer against current perl.)
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the perl-devel
mailing list