Avoid loading optional modules from default . (CVE-2016-1238)

Module-CoreList-5.20160720-CVE-2016-1238-avoid-loading-optional-modules-from.patch

@@ -0,0 +1,11 @@
+diff -up Module-CoreList/corelist.cve Module-CoreList/corelist
+--- Module-CoreList/corelist.cve	2016-02-05 16:26:05.000000000 +0100
++++ Module-CoreList/corelist	2016-08-05 09:16:43.129306210 +0200
+@@ -130,6 +130,7 @@ requested perl versions.
+ 
+ =cut
+ 
++BEGIN { pop @INC if $INC[-1] eq '.' }
+ use Module::CoreList;
+ use Getopt::Long qw(:config no_ignore_case);
+ use Pod::Usage;

perl-Module-CoreList.spec

@@ -2,12 +2,14 @@ Name:           perl-Module-CoreList
 # Epoch to compete with perl.spec
 Epoch:          1
 Version:        5.20160720
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        What modules are shipped with versions of perl
 License:        GPL+ or Artistic
 Group:          Development/Libraries
 URL:            http://search.cpan.org/dist/Module-CoreList/
 Source0:        http://www.cpan.org/authors/id/B/BI/BINGOS/Module-CoreList-%{version}.tar.gz
+# Avoid loading optional modules from default . (CVE-2016-1238)
+Patch0:         Module-CoreList-5.20160720-CVE-2016-1238-avoid-loading-optional-modules-from.patch
 BuildArch:      noarch
 BuildRequires:  findutils
 BuildRequires:  make
@@ -59,6 +61,7 @@ modules were shipped with given perl version.
 
 %prep
 %setup -q -n Module-CoreList-%{version}
+%patch0 -p1
 
 %build
 perl Makefile.PL INSTALLDIRS=vendor
@@ -83,6 +86,9 @@ make test
 %{_mandir}/man1/corelist.*
 
 %changelog
+* Fri Aug 05 2016 Jitka Plesnikova <jplesnik@redhat.com> - 1:5.20160720-2
+- Avoid loading optional modules from default . (CVE-2016-1238)
+
 * Thu Jul 21 2016 Petr Pisar <ppisar@redhat.com> - 1:5.20160720-1
 - 5.20160720 bump