summaryrefslogtreecommitdiffstats
path: root/main/perl/CVE-2011-3597.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/perl/CVE-2011-3597.patch')
-rw-r--r--main/perl/CVE-2011-3597.patch28
1 files changed, 28 insertions, 0 deletions
diff --git a/main/perl/CVE-2011-3597.patch b/main/perl/CVE-2011-3597.patch
new file mode 100644
index 000000000..dc7cc2d74
--- /dev/null
+++ b/main/perl/CVE-2011-3597.patch
@@ -0,0 +1,28 @@
+From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Tue, 4 Oct 2011 13:46:39 +0200
+Subject: [PATCH] Fix code injection in Digest
+
+See <https://bugzilla.redhat.com/show_bug.cgi?id=743010> for more details.
+---
+ cpan/Digest/Digest.pm | 4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
+index 384dfc8..4b923ae 100644
+--- a/cpan/Digest/Digest.pm
++++ b/cpan/Digest/Digest.pm
+@@ -35,7 +35,9 @@ sub new
+ ($class, @args) = @$class if ref($class);
+ no strict 'refs';
+ unless (exists ${"$class\::"}{"VERSION"}) {
+- eval "require $class";
++ my $pm_file = $class . ".pm";
++ $pm_file =~ s{::}{/}g;
++ eval { require $pm_file };
+ if ($@) {
+ $err ||= $@;
+ next;
+--
+1.7.6.4
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-12 16:56:57 +0000