File: fix_CVE-2016-1238

package info (click to toggle)

libunicode-linebreak-perl 0.0.20190101-1

links: PTS, VCS
area: main
in suites: bookworm, bullseye, buster, sid, trixie
size: 1,064 kB
sloc: perl: 782; makefile: 7

file content (21 lines) | stat: -rw-r--r-- 595 bytes

parent folder | download | duplicates (2)

Description: Fix CVE-2016-1238: prevent arbitrary code execution
Author: Dominic Hargreaves <dom@earth.li>
Bug-Debian: https://bugs.debian.org/832439
Last-Update: 2016-07-26
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/lib/Unicode/LineBreak.pm
+++ b/lib/Unicode/LineBreak.pm
@@ -47,7 +47,11 @@
     ViramaAsJoiner => 'YES',
 );
 our $Config = {};
-eval { require Unicode::LineBreak::Defaults; };
+eval {
+    local @INC = @INC;
+    pop @INC if $INC[-1] eq '.';
+    require Unicode::LineBreak::Defaults;
+};
 push @Config, (%$Config);
 
 ### Exportable constants