Description: Fix CVE-2016-1238: prevent arbitrary code execution Author: Dominic Hargreaves <dom@earth.li> Bug-Debian: https://bugs.debian.org/832439 Last-Update: 2016-07-26 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/lib/Unicode/LineBreak.pm +++ b/lib/Unicode/LineBreak.pm @@ -47,7 +47,11 @@ ViramaAsJoiner => 'YES', ); our $Config = {}; -eval { require Unicode::LineBreak::Defaults; }; +eval { + local @INC = @INC; + pop @INC if $INC[-1] eq '.'; + require Unicode::LineBreak::Defaults; +}; push @Config, (%$Config); ### Exportable constants