From 64cdffee5a52d4b73a707584d4aac3df9b119a5c Mon Sep 17 00:00:00 2001
From: Dominic Hargreaves <dom@earth.li>
Date: Sun, 24 Jul 2016 19:43:50 +0100
Subject: [PATCH] Remove . from @INC when loading modules dynamically
 [CVE-2016-1238]

---
 Syslog.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Syslog.pm b/Syslog.pm
index 25164af..eed224a 100644
--- a/Syslog.pm
+++ b/Syslog.pm
@@ -888,6 +888,8 @@ sub silent_eval (&) {
 sub can_load {
     my ($module, $verbose) = @_;
     local($SIG{__DIE__}, $SIG{__WARN__}, $@);
+    local @INC = @INC;
+    pop @INC if $INC[-1] eq '.';
     my $loaded = eval "use $module; 1";
     warn $@ if not $loaded and $verbose;
     return $loaded
-- 
2.1.4