From the upstream changelog at $URL I believe this is fixed in 1.5. More information at https://rt.cpan.org/Public/Bug/Display.html?id=69560. @perl, can we go ahead and stabilize =dev-perl/PAR-1.5.0? Thanks.
(In reply to comment #0)
> @perl, can we go ahead and stabilize =dev-perl/PAR-1.5.0? Thanks.

Sure, no bug reports til now.
Great, thanks. Arches, please test and mark stable:
=dev-perl/PAR-1.5.0
Target keywords : "amd64 x86"
amd64 stable
x86 stable, all arches done.
@security, please vote.
Thanks, everyone. GLSA vote: no.
CVE-2011-5060 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5060): The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.
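The CVE text above names two missing checks on a reused temporary directory: ownership and permissions. The Perl sketch below is an added example, not part of this bug thread and not PAR's code or the upstream fix. It shows those checks on a create-or-reuse directory. The function names `unsafe_reason` and `private_dir` and the directory names are hypothetical, and the sample directories are constructed under a scratch location.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: returns undef when $dir is acceptable as a private
# per-user directory, otherwise a string saying why it is not.
sub unsafe_reason {
    my ($dir) = @_;
    my @st = lstat($dir) or return "cannot lstat: $!";   # lstat: do not follow links
    my ($mode, $uid) = @st[2, 4];
    return "is a symlink"                 if S_ISLNK($mode);
    return "is not a directory"           unless S_ISDIR($mode);
    return "owned by uid $uid, not by $>" if $uid != $>;  # $> is the effective uid
    return sprintf("mode %04o grants group/other access", S_IMODE($mode))
        if S_IMODE($mode) & 0077;
    return;
}

# Hypothetical helper: create the directory 0700, or reuse an existing one,
# and verify it either way, since an existing one may have been pre-created.
sub private_dir {
    my ($dir) = @_;
    unless (mkdir($dir, 0700)) {
        die "mkdir $dir: $!\n" unless $!{EEXIST};
    }
    my $why = unsafe_reason($dir);
    die "refusing to use $dir: $why\n" if defined $why;
    return $dir;
}

# Constructed sample directories inside a scratch location.
my $base  = tempdir(CLEANUP => 1);
my $good  = File::Spec->catdir($base, 'cache-good');    # created by private_dir
my $loose = File::Spec->catdir($base, 'cache-loose');   # pre-created, mode 0777
my $link  = File::Spec->catdir($base, 'cache-link');    # pre-created symlink
mkdir($loose)          or die "mkdir: $!\n";
chmod(0777, $loose)    or die "chmod: $!\n";
private_dir($good);
symlink($good, $link)  or die "symlink: $!\n";

for my $dir ($good, $loose, $link) {
    my $ok = eval { private_dir($dir); 1 };
    print $ok ? "ok       $dir\n" : "rejected $@";
}
```

The ownership branch cannot be triggered in this single-user demo; it fires when another account has pre-created the directory.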
Vote: No. Closing noglsa.