Submitted by: Matt Burgess <matthew at linuxfromscratch dot org>
Date: 2011-11-25
Inital Package Version: 5.14.2
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3597
Upstream Status: From Upstream
Description: Fixed an arbitrary code execution vulnerability in Perl's Digest
             module

diff -Naur perl-5.14.2.orig/cpan/Digest/Digest.pm perl-5.14.2/cpan/Digest/Digest.pm
--- perl-5.14.2.orig/cpan/Digest/Digest.pm	2010-12-30 02:07:15.000000000 +0000
+++ perl-5.14.2/cpan/Digest/Digest.pm	2011-11-20 20:22:27.306414256 +0000
@@ -35,7 +35,9 @@
 	($class, @args) = @$class if ref($class);
 	no strict 'refs';
 	unless (exists ${"$class\::"}{"VERSION"}) {
-	    eval "require $class";
+	    my $pm_file = $class . ".pm";
+	    $pm_file =~ s{::}{/}g;
+	    eval { require $pm_file };
 	    if ($@) {
 		$err ||= $@;
 		next;