diff options
Diffstat (limited to 'main/perl/CVE-2011-3597.patch')
-rw-r--r-- | main/perl/CVE-2011-3597.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/main/perl/CVE-2011-3597.patch b/main/perl/CVE-2011-3597.patch new file mode 100644 index 0000000000..dc7cc2d749 --- /dev/null +++ b/main/perl/CVE-2011-3597.patch @@ -0,0 +1,28 @@ +From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> +Date: Tue, 4 Oct 2011 13:46:39 +0200 +Subject: [PATCH] Fix code injection in Digest + +See <https://bugzilla.redhat.com/show_bug.cgi?id=743010> for more details. +--- + cpan/Digest/Digest.pm | 4 +++- + 1 files changed, 3 insertions(+), 1 deletions(-) + +diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm +index 384dfc8..4b923ae 100644 +--- a/cpan/Digest/Digest.pm ++++ b/cpan/Digest/Digest.pm +@@ -35,7 +35,9 @@ sub new + ($class, @args) = @$class if ref($class); + no strict 'refs'; + unless (exists ${"$class\::"}{"VERSION"}) { +- eval "require $class"; ++ my $pm_file = $class . ".pm"; ++ $pm_file =~ s{::}{/}g; ++ eval { require $pm_file }; + if ($@) { + $err ||= $@; + next; +-- +1.7.6.4 + |