This is an automated email from the git hooks/post-receive script.

dom pushed a commit to branch jessie-security
in repository libmime-charset-perl.

commit 0f53f360448bfbaaef13221d1d083c5fc7a7c9c3
Author: Dominic Hargreaves <d...@earth.li>
Date:   Sun Jul 24 20:08:14 2016 +0100

    Remove . from @INC when loading modules dynamically [CVE-2016-1238]
---
 debian/changelog                   |  7 +++++++
 debian/patches/CVE-2016-1238.patch | 26 ++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 34 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 8561f48..9c287ba 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libmime-charset-perl (1.011.1-1+deb8u1) UNRELEASED; urgency=medium
+
+  * Team upload.
+  * Remove . from @INC when loading modules dynamically [CVE-2016-1238]
+
+ -- Dominic Hargreaves <d...@earth.li>  Sun, 24 Jul 2016 20:07:51 +0100
+
 libmime-charset-perl (1.011.1-1) unstable; urgency=low
 
   * Import Upstream version 1.011.1
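Review bot: The new changelog entry's "Remove . from @INC when loading modules dynamically" line does not say which file carries the change, so a reader of the changelog alone cannot find the fix. Suggest naming debian/patches/CVE-2016-1238.patch in that bullet. The distribution field is still UNRELEASED, which is fine for a work-in-progress commit on the jessie-security branch but needs to be set before upload.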
diff --git a/debian/patches/CVE-2016-1238.patch 
b/debian/patches/CVE-2016-1238.patch
new file mode 100644
index 0000000..3cfa68b
--- /dev/null
+++ b/debian/patches/CVE-2016-1238.patch
@@ -0,0 +1,26 @@
+From 327106167f69bd629988f0926e5a3a56574ff40a Mon Sep 17 00:00:00 2001
+From: Dominic Hargreaves <d...@earth.li>
+Date: Sun, 24 Jul 2016 20:06:29 +0100
+Subject: [PATCH] Remove . from @INC when loading modules dynamically
+ [CVE-2016-1238]
+
+---
+ lib/MIME/Charset.pm | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/MIME/Charset.pm b/lib/MIME/Charset.pm
+index 844bce6..948c2e3 100644
+--- a/lib/MIME/Charset.pm
++++ b/lib/MIME/Charset.pm
+@@ -345,6 +345,8 @@ $Config = {
+     Mapping =>         'EXTENDED',
+     Replacement =>     'DEFAULT',
+ };
++local @INC = @INC;
++pop @INC if $INC[-1] eq '.';
+ eval { require MIME::Charset::Defaults; };
+ 
+ ######## Private Constants ########
+-- 
+2.1.4
+
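Review bot: In the lib/MIME/Charset.pm hunk, `local @INC = @INC;` is added at file scope with no enclosing block, so the trimmed @INC stays in effect for everything that runs during the rest of the module's load, not only for `eval { require MIME::Charset::Defaults; };`. Wrapping the two new lines and the eval in a bare block would make the intended scope explicit. The check `$INC[-1] eq '.'` only drops a trailing '.' and leaves one that appears elsewhere in @INC, and it compares against undef if @INC is empty; a one-line comment saying that only the default trailing entry is targeted would document that. The embedded patch header also has only a Subject line and no description of why the optional Defaults module load is the risky one.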
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..34520df
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2016-1238.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-perl/packages/libmime-charset-perl.git

_______________________________________________
Pkg-perl-cvs-commits mailing list
Pkg-perl-cvs-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits
