1 |
From 327106167f69bd629988f0926e5a3a56574ff40a Mon Sep 17 00:00:00 2001 |
2 |
From: Dominic Hargreaves <dom@earth.li> |
3 |
Date: Sun, 24 Jul 2016 20:06:29 +0100 |
4 |
Subject: [PATCH] Remove . from @INC when loading modules dynamically |
5 |
[CVE-2016-1238] |
6 |
|
7 |
--- |
8 |
lib/MIME/Charset.pm | 2 ++ |
9 |
1 file changed, 2 insertions(+) |
10 |
|
11 |
diff --git a/lib/MIME/Charset.pm b/lib/MIME/Charset.pm |
12 |
index 844bce6..948c2e3 100644 |
13 |
--- a/lib/MIME/Charset.pm |
14 |
+++ b/lib/MIME/Charset.pm |
15 |
@@ -345,6 +345,8 @@ $Config = { |
16 |
Mapping => 'EXTENDED', |
17 |
Replacement => 'DEFAULT', |
18 |
}; |
19 |
+local @INC = @INC; |
20 |
+pop @INC if $INC[-1] eq '.'; |
21 |
eval { require MIME::Charset::Defaults; }; |
22 |
|
23 |
######## Private Constants ######## |
24 |
-- |
25 |
2.1.4 |
26 |
|
27 |
|