[Pkg-nagios-changes] [SCM] Debian packaging for nagios nrpe branch, master, updated. debian/2.13-2-5-g4d71cc9
Alexander Wirt
formorer at debian.org
Sat Mar 9 07:56:27 UTC 2013
The following commit has been merged in the master branch:
commit 4d71cc911d69388b99314423a0ef421b34040833
Author: Alexander Wirt <formorer at debian.org>
Date: Sat Mar 9 08:52:22 2013 +0100
Finalize changelog
diff --git a/debian/changelog b/debian/changelog
index 5bb8f53..8a6d752 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+nagios-nrpe (2.13-3) unstable; urgency=high
+
+ * [e55afd1] Add 08_CVE-2013-1362.dpatch patch.
+ If command arguments are enabled in the NRPE configuration, it was
+ possible to pass $() as arguments as the checking for nasty caracters
+ was not strict enough to catch $(). This allowed executing shell
+ commands under a subprocess and pass the output as a parameter to the
+ called script (if run under bash). CVE-2013-1362 (Closes: #701227)
+
+ -- Alexander Wirt <formorer at debian.org> Sat, 09 Mar 2013 08:42:05 +0100
+
nagios-nrpe (2.13-2) unstable; urgency=high
[ Thijs Kinkhorst ]
--
Debian packaging for nagios nrpe
More information about the Pkg-nagios-changes
mailing list