Description: Fix CVE-2015-3409
 CVE-2015-3409: Module::Signature incorrectly handles module loading
 allowing to load modules from relative paths in @INC. A remote attacker
 providing a malicious module could use this issue to execute arbitrary
 code during signature verification.
Origin: upstream, https://github.com/audreyt/module-signature/commit/c41e8885b862b9fce2719449bc9336f0bea658ef
Bug-Debian: https://bugs.debian.org/783451
Forwarded: not-needed
Author: Audrey Tang <audreyt@audreyt.org>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2015-05-12
Applied-Upstream: 0.75

--- a/lib/Module/Signature.pm
+++ b/lib/Module/Signature.pm
@@ -104,6 +104,8 @@
     my $sigtext   = shift || '';
     my $plaintext = shift || '';
 
+    # Avoid loading modules from relative paths in @INC.
+    local @INC = grep { File::Spec->file_name_is_absolute($_) } @INC;
     local $SIGNATURE = $signature if $signature ne $SIGNATURE;
 
     if ($AutoKeyRetrieve and !$CanKeyRetrieve) {