[Pkg-nagios-changes] [pkg-nrpe] 10/15: 08_CVE-2013-1362.dpatch is now obsolete
Alexander Wirt
formorer at debian.org
Tue Jul 15 16:24:53 UTC 2014
This is an automated email from the git hooks/post-receive script.
formorer pushed a commit to branch master
in repository pkg-nrpe.
commit 86ea67e5e4f0d0bcca40f658aadec69fff4e6610
Author: Alexander Wirt <formorer at debian.org>
Date: Tue Jul 15 14:14:35 2014 +0200
08_CVE-2013-1362.dpatch is now obsolete
---
debian/patches/08_CVE-2013-1362.dpatch | 26 --------------------------
1 file changed, 26 deletions(-)
diff --git a/debian/patches/08_CVE-2013-1362.dpatch b/debian/patches/08_CVE-2013-1362.dpatch
deleted file mode 100755
index 3e96194..0000000
--- a/debian/patches/08_CVE-2013-1362.dpatch
+++ /dev/null
@@ -1,26 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 08_CVE-2013-1362.dpatch by Salvatore Bonaccorso <carnil at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: nagios-nrpe prior to 2.14 allows the passing of $() as command
-## DP: arguments to execute shell commands if command arguments are
-## DP: explicitly enabled. Filtering out nasty caracters is not
-## DP: strict enough to disallow $(), allowing executing shell commands
-## DP: under a subprocess and pass the output as a parameter to the
-## DP: called script (if run under bash).
-
- at DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/src/nrpe.c pkg-nrpe/src/nrpe.c
---- pkg-nrpe~/src/nrpe.c 2013-03-09 08:12:53.000000000 +0100
-+++ pkg-nrpe/src/nrpe.c 2013-03-09 08:15:25.714710355 +0100
-@@ -1746,6 +1746,10 @@
- syslog(LOG_ERR,"Error: Request contained an empty command argument");
- return ERROR;
- }
-+ if(strstr(macro_argv[x],"$(")) {
-+ syslog(LOG_ERR,"Error: Request contained a bash command substitution!");
-+ return ERROR;
-+ }
- }
- }
- #endif
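Review bot: the removal of the `strstr(macro_argv[x],"$(")` rejection in the nrpe.c part of this deleted patch is justified only by "now obsolete" in the commit message. The patch header says the issue affects nagios-nrpe prior to 2.14, so the message should state that the packaged upstream source is 2.14 or later and already refuses `$(` in command arguments, so that the CVE-2013-1362 fix can be traced after this file is gone. The diffstat shows only the .dpatch file changing; please also confirm that debian/patches/00list no longer lists 08_CVE-2013-1362.dpatch, otherwise the build will reference a patch that no longer exists.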
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nrpe.git