Package: libpar-packer-perl
Version: 1.010-1
Severity: important
Tags: security

Hi

Changelog for 1.011 contains:

- RT #69560/CVE-2011-4114: PAR packed files are extracted to unsafe and predictable temporary directories
  - create parent of cache directory (i.e. /tmp/par-USER) with mode 0700
  - if it already exists, make sure that (and bail out if not)
    - it's not a symlink
    - it's mode 0700
    - it's owned by USER
- depend on PAR 1.004 (which contains the other half of the fix for CVE-2011-4114)
- bump Perl version requirement to 5.8.1 (Schwern: The End Of 5.6 Is Nigh!)
- explicitly mark Perl 5.10.0 as an unsupported version

libpar-packer-perl before 1.011 had the issue that PAR packed files are extracted to unsafe and predictable temporary directories according to the bugtracker [1] and changelog.

[1] https://rt.cpan.org/Public/Bug/Display.html?id=69560

This is CVE-2011-4114.

Regards
Salvatore

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
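
The directory checks listed in the changelog above, written out as an added Python example (not code from PAR::Packer or from this report). The names ensure_private_dir, check and UnsafeCacheDir are hypothetical, and the demo runs in a constructed scratch directory rather than /tmp/par-USER.

```python
import os
import stat
import tempfile


class UnsafeCacheDir(Exception):
    """Raised when the cache parent directory fails a safety check."""


def ensure_private_dir(path, uid=None):
    """Create path with mode 0700, or verify an existing entry; bail out if unsafe."""
    uid = os.getuid() if uid is None else uid
    try:
        os.mkdir(path, 0o700)      # atomic: fails if any entry already has this name
    except FileExistsError:
        pass                       # something was there first: verify it below
    st = os.lstat(path)            # lstat, so a planted symlink is not followed
    mode = stat.S_IMODE(st.st_mode)
    if stat.S_ISLNK(st.st_mode):
        raise UnsafeCacheDir(f"{path} is a symlink")
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeCacheDir(f"{path} is not a directory")
    if st.st_uid != uid:
        raise UnsafeCacheDir(f"{path} is owned by uid {st.st_uid}, not {uid}")
    if mode != 0o700:
        raise UnsafeCacheDir(f"{path} has mode {mode:04o}")
    return path


def check(path, uid=None):
    """Return 'ok', or the reason the directory was rejected."""
    try:
        ensure_private_dir(path, uid)
        return "ok"
    except UnsafeCacheDir as exc:
        return str(exc)


if __name__ == "__main__":
    base = tempfile.mkdtemp()                  # constructed sandbox
    good = os.path.join(base, "par-good")      # does not exist yet
    loose = os.path.join(base, "par-loose")    # pre-created, too permissive
    link = os.path.join(base, "par-link")      # pre-created symlink
    os.mkdir(loose)
    os.chmod(loose, 0o755)
    os.symlink(loose, link)
    for p in (good, good, loose, link):
        print(os.path.basename(p), "->", check(p))
```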