[libmime-charset-perl] 01/04: Remove . from @INC when loading modules dynamically [CVE-2016-1238]
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 25 17:28:56 UTC 2016
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch master
in repository libmime-charset-perl.
commit e1f8204626bb0002cab290b7953db1e236ca0bdf
Author: Dominic Hargreaves <dom at earth.li>
Date: Sun Jul 24 20:08:14 2016 +0100
Remove . from @INC when loading modules dynamically [CVE-2016-1238]
---
debian/changelog | 3 +++
debian/patches/CVE-2016-1238.patch | 26 ++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 30 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index c441009..3b30bba 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,9 @@ libmime-charset-perl (1.012-2) UNRELEASED; urgency=medium
[ gregor herrmann ]
* debian/copyright: change Copyright-Format 1.0 URL to HTTPS.
+ [ Salvatore Bonaccorso ]
+ * Remove . from @INC when loading modules dynamically [CVE-2016-1238]
+
-- Salvatore Bonaccorso <carnil at debian.org> Sat, 30 Jan 2016 20:05:22 +0100
libmime-charset-perl (1.012-1) unstable; urgency=medium
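Review bot: the new entry under [ Salvatore Bonaccorso ] does not name the file that carries the fix. Consider wording it as "Add CVE-2016-1238.patch: remove . from @INC when loading modules dynamically", so a reader of the changelog can find debian/patches/CVE-2016-1238.patch without consulting the commit. The trailer line of this stanza still shows Sat, 30 Jan 2016 while the change is dated July 2016. That is acceptable while the stanza is UNRELEASED, but the trailer needs refreshing when the upload is finalised.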
diff --git a/debian/patches/CVE-2016-1238.patch b/debian/patches/CVE-2016-1238.patch
new file mode 100644
index 0000000..3cfa68b
--- /dev/null
+++ b/debian/patches/CVE-2016-1238.patch
@@ -0,0 +1,26 @@
+From 327106167f69bd629988f0926e5a3a56574ff40a Mon Sep 17 00:00:00 2001
+From: Dominic Hargreaves <dom at earth.li>
+Date: Sun, 24 Jul 2016 20:06:29 +0100
+Subject: [PATCH] Remove . from @INC when loading modules dynamically
+ [CVE-2016-1238]
+
+---
+ lib/MIME/Charset.pm | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/MIME/Charset.pm b/lib/MIME/Charset.pm
+index 844bce6..948c2e3 100644
+--- a/lib/MIME/Charset.pm
++++ b/lib/MIME/Charset.pm
+@@ -345,6 +345,8 @@ $Config = {
+ Mapping => 'EXTENDED',
+ Replacement => 'DEFAULT',
+ };
++local @INC = @INC;
++pop @INC if $INC[-1] eq '.';
+ eval { require MIME::Charset::Defaults; };
+
+ ######## Private Constants ########
+--
+2.1.4
+
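Review bot: the two lines added to lib/MIME/Charset.pm, `local @INC = @INC;` and `pop @INC if $INC[-1] eq '.';`, are not enclosed in a block, so the localized @INC applies to the rest of the file's top-level code and not only to the `eval { require MIME::Charset::Defaults; }` that follows. If the intent is to protect just this load, wrap the three lines in a bare block; if the wider scope is intended, say so in a comment. The localization also ends once Charset.pm has finished loading, so a `require` executed later from inside a sub would see the original @INC again; it is worth checking whether the module has any. The patch header has a subject but no body: a short description would help, noting that the `eval` around the `require` means the module may be absent, in which case the search falls through to the trailing `.` in @INC, and a DEP-3 style Bug or Origin field would make the patch easier to forward upstream.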
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..34520df
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2016-1238.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libmime-charset-perl.git