Wed Nov 30 06:26:36 2011: Request 72837 was acted upon.
Transaction: Correspondence added by RSCHUPP
Queue: PAR-Packer
Subject: PAR-Packer-1.010 can't work with PAR-1.003
Broken in: (no value)
Severity: (no value)
Owner: RSCHUPP
Requestors: [email protected]
Status: open
Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=72837 >
On 2011-11-30 05:51:35, [email protected] wrote:
> But the PAR-Packer-1.010 can't work with this version of PAR.
I know. Since both PAR and PAR::Packer have the bug described in
CVE-2011-4114, both need to be fixed. And since PAR::Packer depends
on PAR, PAR has to go first.
Breakage is expected when people have a pre-existing /tmp/par-USER
with unsafe permissions in either case. And no - there will be
no workaround. These permissions are unsafe and the contents
of this directory is expendable, just remove it and retry
your operation.
A new PAR::Packer with the same fix for CVE-2011-4114 will be
uploaded soon, hopefully tonite.
Cheers, Roderich
