* 0.73 with File::Spec->file_name_is_absolute.

  It's more correct, but ultimately equivalent, because we
  don't install on Win32 anyway.

  Also add CVE-2013-2145 reference to Changes.

Author: audreyt

Changes

@@ -1,17 +1,21 @@
+[Changes for 0.73 - Wed Jun  5 23:44:57 CST 2013]
+
+* Properly redo the previous fix using File::Spec->file_name_is_absolute.
+
 [Changes for 0.72 - Wed Jun  5 23:19:02 CST 2013]
 
 * Only allow loading Digest::* from absolute paths in @INC,
   by ensuring they begin with \ or / characters.
 
-  Contributed by: Florian Weimer
+  Contributed by: Florian Weimer (CVE-2013-2145)
 
 [Changes for 0.71 - Tue Jun  4 18:24:10 CST 2013]
 
 * Constrain the user-specified digest name to /^\w+\d+$/.
 
 * Avoid loading Digest::* from relative paths in @INC.
 
-  Contributed by: Florian Weimer
+  Contributed by: Florian Weimer (CVE-2013-2145)
 
 [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]
 

META.yml

@@ -25,4 +25,4 @@ requires:
   perl: 5.005
 resources:
   repository: http://github.com/audreyt/module-signature
-version: 0.72
+version: 0.73

lib/Module/Signature.pm

@@ -1,5 +1,5 @@
 package Module::Signature;
-$Module::Signature::VERSION = '0.72';
+$Module::Signature::VERSION = '0.73';
 
 use 5.005;
 use strict;
@@ -18,6 +18,7 @@ use constant CIPHER_UNKNOWN      => -6;
 
 use ExtUtils::Manifest ();
 use Exporter;
+use File::Spec;
 
 @EXPORT_OK      = (
     qw(sign verify),
@@ -534,7 +535,7 @@ sub _digest_object {
     my($algorithm) = @_;
 
     # Avoid loading Digest::* from relative paths in @INC.
-    local @INC = grep { m{^[\\/]} } @INC;
+    local @INC = grep { File::Spec->file_name_is_absolute($_) } @INC;
 
     # Constrain algorithm name to be of form ABC123.
     my ($base, $variant) = ($algorithm =~ /^([_a-zA-Z]+)([0-9]+)$/g)