Candidate: CVE-2011-5060
PublicDate: 2012-01-13 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5060
Description:
 The par_mktmpdir function in the PAR module before 1.003 for Perl creates
 temporary files in a directory with a predictable name without verifying
 ownership and permissions of this directory, which allows local users to
 overwrite files when another user extracts a PAR packed program, a
 different vulnerability in a different package than CVE-2011-4114.
Ubuntu-Description:
Notes:
 sbeattie> upstream and debian fixed this issue in libpar-packer-perl
 sbeattie> and libpar-perl identifying it as CVE-2011-4114; libpar-perl
 sbeattie> subsequently got split off into this cve.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650707
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_libpar-perl:
upstream_libpar-perl: released (1.005)
hardy_libpar-perl: ignored (reached end-of-life)
lucid_libpar-perl: ignored (reached end-of-life)
maverick_libpar-perl: ignored (reached end-of-life)
natty_libpar-perl: ignored (reached end-of-life)
oneiric_libpar-perl: ignored (reached end-of-life)
precise_libpar-perl: not-affected (1.005-1)
quantal_libpar-perl: not-affected (1.005-1)
raring_libpar-perl: not-affected (1.005-1)
saucy_libpar-perl: not-affected (1.005-1)
devel_libpar-perl: not-affected (1.005-1)