diff --git a/Encode-2.84-CVE-2016-1238-avoid-loading-optional-modules-from.patch b/Encode-2.84-CVE-2016-1238-avoid-loading-optional-modules-from.patch
new file mode 100644
index 0000000..fcf74de
--- /dev/null
+++ b/Encode-2.84-CVE-2016-1238-avoid-loading-optional-modules-from.patch
@@ -0,0 +1,97 @@
+From 12be15d64ce089154c4367dc1842cd0dc0993ec6 Mon Sep 17 00:00:00 2001
+From: Tony Cook
+Date: Wed, 27 Jul 2016 14:52:40 +1000
+Subject: [PATCH] CVE-2016-1238: avoid loading optional modules from .
+
+The change to Encode.pm is the most critical part of this patch.
+
+Without this change, and process that uses Encode started with a
+current directory that's world writable (such as /tmp) and if there's
+no global Encode::ConfigLocal, can be attacked by another user
+by creating /tmp/Encode/ConfigLocal.pm
+
+It's possible most of the tools changed here do not need to be updated,
+but I chose a conservative path.
+---
+ Encode.pm | 2 ++
+ bin/enc2xs | 1 +
+ bin/encguess | 1 +
+ bin/piconv | 1 +
+ bin/ucmlint | 1 +
+ bin/unidump | 1 +
+ 6 files changed, 7 insertions(+)
+
+diff --git a/Encode.pm b/Encode.pm
+index d88fe95..3923733 100644
+--- a/Encode.pm
++++ b/Encode.pm
+@@ -56,6 +56,8 @@ require Encode::Config;
+ eval {
+ local $SIG{__DIE__};
+ local $SIG{__WARN__};
++ local @INC = @INC;
++ pop @INC if $INC[-1] eq '.';
+ require Encode::ConfigLocal;
+ };
+ 
+diff --git a/bin/enc2xs b/bin/enc2xs
+index ec4732c..f8d9f52 100755
+--- a/bin/enc2xs
++++ b/bin/enc2xs
+@@ -4,6 +4,7 @@ BEGIN {
+ # with $ENV{PERL_CORE} set
+ # In case we need it in future...
+ require Config; import Config;
++ pop @INC if $INC[-1] eq '.';
+ }
+ use strict;
+ use warnings;
+diff --git a/bin/encguess b/bin/encguess
+index 5d7ac80..0be5c7c 100755
+--- a/bin/encguess
++++ b/bin/encguess
+@@ -1,5 +1,6 @@
+ #!./perl
+ use 5.008001;
++BEGIN { pop @INC if $INC[-1] eq '.' }
+ use strict;
+ use warnings;
+ use Encode;
+diff --git a/bin/piconv b/bin/piconv
+index c1dad9e..60b2a59 100755
+--- a/bin/piconv
++++ b/bin/piconv
+@@ -1,6 +1,7 @@
+ #!./perl
+ # $Id: piconv,v 2.7 2014/05/31 09:48:48 dankogai Exp $
+ #
++BEGIN { pop @INC if $INC[-1] eq '.' }
+ use 5.8.0;
+ use strict;
+ use Encode ;
+diff --git a/bin/ucmlint b/bin/ucmlint
+index 622376d..25e0d67 100644
+--- a/bin/ucmlint
++++ b/bin/ucmlint
+@@ -3,6 +3,7 @@
+ # $Id: ucmlint,v 2.2 2008/03/12 09:51:11 dankogai Exp $
+ #
+ 
++BEGIN { pop @INC if $INC[-1] eq '.' }
+ use strict;
+ our $VERSION = do { my @r = (q$Revision: 2.2 $ =~ /\d+/g); sprintf "%d."."%02d" x $#r, @r };
+ 
+diff --git a/bin/unidump b/bin/unidump
+index ae0da30..f190827 100755
+--- a/bin/unidump
++++ b/bin/unidump
+@@ -1,5 +1,6 @@
+ #!./perl
+ 
++BEGIN { pop @INC if $INC[-1] eq '.' }
+ use strict;
+ use Encode;
+ use Getopt::Std;
+-- 
+2.1.4
+
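Review bot: The `BEGIN { pop @INC if $INC[-1] eq '.' }` lines added to bin/encguess, bin/piconv, bin/ucmlint and bin/unidump, and the matching `pop @INC if $INC[-1] eq '.';` inside the existing BEGIN block of bin/enc2xs, carry no comment, so a later maintainer cannot tell they are the CVE-2016-1238 hardening rather than stray cleanup; add `# CVE-2016-1238: drop the implicit trailing '.' from @INC so optional modules are never loaded from the current directory` above each of them. Note that the Encode.pm hunk scopes the removal with `local @INC = @INC;` to the single `require Encode::ConfigLocal;`, whereas the bin scripts alter the global @INC for the rest of their run, which is appropriate for standalone tools but worth stating in that comment. The guard removes only one trailing entry equal to exactly `'.'`, so a `.` the caller placed elsewhere in @INC (for example via PERL5LIB or -I) is deliberately left in place; the patch therefore hardens the default search path, not a misconfigured environment, and the commit message would be clearer if it said so.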