This is an automated email from the git hooks/post-receive script.

dom pushed a commit to branch jessie-security
in repository libmime-encwords-perl.

commit 106cd8168029a39cc088ffa8249fd7097d3dd336
Author: Dominic Hargreaves <d...@earth.li>
Date:   Mon Jul 25 09:51:13 2016 +0100

    Remove . from @INC when loading modules dynamically [CVE-2016-1238]
---
 debian/changelog                   |  7 +++++++
 debian/patches/CVE-2016-1238.patch | 30 ++++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 38 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index c4603e1..993ab79 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libmime-encwords-perl (1.014.3-1+deb8u1) UNRELEASED; urgency=medium
+
+  * Team upload.
+  * Remove . from @INC when loading modules dynamically [CVE-2016-1238]
+
+ -- Dominic Hargreaves <d...@earth.li>  Mon, 25 Jul 2016 09:51:00 +0100
+
 libmime-encwords-perl (1.014.3-1) unstable; urgency=medium
 
   [ gregor herrmann ]
diff --git a/debian/patches/CVE-2016-1238.patch 
b/debian/patches/CVE-2016-1238.patch
new file mode 100644
index 0000000..db184e2
--- /dev/null
+++ b/debian/patches/CVE-2016-1238.patch
@@ -0,0 +1,30 @@
+From e8e8a785b987c78ddee19ed8cc18cb1c70252c87 Mon Sep 17 00:00:00 2001
+From: Dominic Hargreaves <d...@earth.li>
+Date: Mon, 25 Jul 2016 09:49:23 +0100
+Subject: [PATCH] Remove . from @INC when loading modules dynamically
+ [CVE-2016-1238]
+
+---
+ lib/MIME/EncWords.pm | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/lib/MIME/EncWords.pm b/lib/MIME/EncWords.pm
+index 0d84dd3..005c012 100644
+--- a/lib/MIME/EncWords.pm
++++ b/lib/MIME/EncWords.pm
+@@ -143,7 +143,11 @@ $Config = {
+     MaxLineLen => 76,
+     Minimal => 'YES',
+ };
+-eval { require MIME::EncWords::Defaults; };
++eval {
++    local @INC = @INC;
++    pop @INC if $INC[-1] eq '.';
++    require MIME::EncWords::Defaults;
++};
+ 
+ ### Private Constants
+ 
+-- 
+2.1.4
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..34520df
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2016-1238.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-perl/packages/libmime-encwords-perl.git

_______________________________________________
Pkg-perl-cvs-commits mailing list
Pkg-perl-cvs-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits

Reply via email to