Version in base suite: 3.08-1
Version in overlay suite: 3.08-1+deb11u1
Base version: libencode-perl_3.08-1
Target version: libencode-perl_3.08-1+deb11u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/libe/libencode-perl/libencode-perl_3.08-1.dsc
Target file: /srv/ftp-master.debian.org/ftp/pool/main/libe/libencode-perl/libencode-perl_3.08-1+deb11u1.dsc
changelog | 6 ++
patches/0001-mitigate-INC-pollution-when-loading-ConfigLocal.patch | 27 ++++++++++
patches/series | 1
3 files changed, 34 insertions(+)
diff -Nru libencode-perl-3.08/debian/changelog libencode-perl-3.08/debian/changelog
--- libencode-perl-3.08/debian/changelog 2020-12-02 18:05:16.000000000 +0000
+++ libencode-perl-3.08/debian/changelog 2021-08-06 18:49:32.000000000 +0000
@@ -1,3 +1,9 @@
+libencode-perl (3.08-1+deb11u1) bullseye-security; urgency=high
+
+ * [SECURITY] CVE-2021-36770: Encode loading code from working directory
+
+ -- Niko Tyni Fri, 06 Aug 2021 21:49:32 +0300
+
 libencode-perl (3.08-1) unstable; urgency=medium
 
 * Import upstream version 3.08.
diff -Nru libencode-perl-3.08/debian/patches/0001-mitigate-INC-pollution-when-loading-ConfigLocal.patch libencode-perl-3.08/debian/patches/0001-mitigate-INC-pollution-when-loading-ConfigLocal.patch
--- libencode-perl-3.08/debian/patches/0001-mitigate-INC-pollution-when-loading-ConfigLocal.patch 1970-01-01 00:00:00.000000000 +0000
+++ libencode-perl-3.08/debian/patches/0001-mitigate-INC-pollution-when-loading-ConfigLocal.patch 2021-08-06 18:49:32.000000000 +0000
@@ -0,0 +1,27 @@
+From 200652dec217550188bf7984021552bd4114fe34 Mon Sep 17 00:00:00 2001
+From: Ricardo Signes
+Date: Sat, 17 Jul 2021 14:46:10 -0400
+Subject: [PATCH] mitigate @INC pollution when loading ConfigLocal
+
+---
+ Encode.pm | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Encode.pm b/Encode.pm
+index d3eb3c1..9fb5fc7 100644
+--- a/Encode.pm
++++ b/Encode.pm
+@@ -65,8 +65,8 @@ require Encode::Config;
+ eval {
+ local $SIG{__DIE__};
+ local $SIG{__WARN__};
+- local @INC = @INC || ();
+- pop @INC if $INC[-1] eq '.';
++ local @INC = @INC;
++ pop @INC if @INC && $INC[-1] eq '.';
+ require Encode::ConfigLocal;
+ };
+
+-- 
+2.29.2
+
diff -Nru libencode-perl-3.08/debian/patches/series libencode-perl-3.08/debian/patches/series
--- libencode-perl-3.08/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ libencode-perl-3.08/debian/patches/series 2021-08-06 18:49:32.000000000 +0000
@@ -0,0 +1 @@
+0001-mitigate-INC-pollution-when-loading-ConfigLocal.patch
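Review bot: The two replacement lines in the Encode.pm hunk of 0001-mitigate-INC-pollution-when-loading-ConfigLocal.patch have no comment explaining why the copy must be a plain list assignment, so a later cleanup could reintroduce the `|| ()` form as a "defensive" default. In the removed line, `@INC || ()` evaluated @INC in scalar context, so the localized search path became a single entry holding the element count, which Perl treats as a relative directory. I would put `# plain list copy: "@INC || ()" yields the element count, i.e. one relative path entry` above `local @INC = @INC;`. The fix drops only a trailing '.', so other relative entries in @INC (for example from PERL5LIB or -I) are still searched for Encode::ConfigLocal, and that limit deserves a comment too. The embedded patch changes Encode.pm only, so no regression test covers the empty-@INC or scalar-context case, and the statements around the eval lie outside the hunk.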