Description: Fix serious documentation bug aboute statement of execution of unsafe code
 Addresses CVE-2013-1437 as (serious) documentation bug:
 Module::Metadata executes code when gathering metadata about a module
 by design. In versions previous to (upstream) 1.000015 the
 documentation stated, however, that Module::Metadata provides a
 standard way to gather metadata about a .pm file without executing
 unsafe code.
Origin: upstream, http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=p5sagit/Module-Metadata.git;a=commitdiff;h=c0278e58ecbced5d852526c1c5d088c8df6ba618
Forwarded: not-needed
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2013-09-03
Applied-Upstream: 1.000015

--- a/lib/Module/Metadata.pm
+++ b/lib/Module/Metadata.pm
@@ -719,8 +719,10 @@
 
 =head1 DESCRIPTION
 
-This module provides a standard way to gather metadata about a .pm file
-without executing unsafe code.
+This module provides a standard way to gather metadata about a .pm file through
+(mostly) static analysis and (some) code execution.  When determining the
+version of a module, the C<$VERSION> assignment is C<eval>ed, as is traditional
+in the CPAN toolchain.
 
 =head1 USAGE
 
