1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
Description: After the removal of cwd from @INC (CVE-2016-1238)
the various calls to require need to prefix the current path.
Origin: vendor
Bug-Debian: https://bugs.debian.org/837242
Forwarded: no
Author: gregor herrmann <gregoa@debian.org>
Last-Update: 2016-09-18
--- a/scripts/templateparser.pl
+++ b/scripts/templateparser.pl
@@ -32,7 +32,7 @@
my $TEMPLATEDIR = "src";
my $DEFAULTLANG = "en";
-require "scripts/JWCI18N.pm";
+require "./scripts/JWCI18N.pm";
use File::Find;
use File::Path;
use File::Basename;
--- a/scripts/JWCI18N.pm
+++ b/scripts/JWCI18N.pm
@@ -30,7 +30,7 @@
# Load language-specific functions
foreach my $language ( glob("po/*.pm")) {
if ($language =~ /^([-\w.\/\\~:]+)$/) {
- require $1;
+ require "./$1";
}
else {
warn("$language is tainted. not loading");
|
