[ubuntu/saucy-proposed] nagios-nrpe 2.13-3ubuntu1 (Accepted)

Michael Terry mterry at ubuntu.com
Tue Apr 30 16:40:41 UTC 2013 

nagios-nrpe (2.13-3ubuntu1) saucy; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/{rules,control}: Add hardening-includes to gain PIE security
      builds.
    - debian/rules: Use dpkg-buildflags.

nagios-nrpe (2.13-3) unstable; urgency=high

  * [e55afd1] Add 08_CVE-2013-1362.dpatch patch.
    If command arguments are enabled in the NRPE configuration, it was
    possible to pass $() as arguments as the checking for nasty caracters
    was not strict enough to catch $(). This allowed executing shell
    commands under a subprocess and pass the output as a parameter to the
    called script (if run under bash). CVE-2013-1362 (Closes: #701227)

Date: Tue, 30 Apr 2013 09:24:13 -0700
Changed-By: Michael Terry <mterry at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/saucy/+source/nagios-nrpe/2.13-3ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 30 Apr 2013 09:24:13 -0700
Source: nagios-nrpe
Binary: nagios-nrpe-server nagios-nrpe-plugin
Architecture: source
Version: 2.13-3ubuntu1
Distribution: saucy
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel at lists.ubuntu.com>
Changed-By: Michael Terry <mterry at ubuntu.com>
Description: 
 nagios-nrpe-plugin - Nagios Remote Plugin Executor Plugin
 nagios-nrpe-server - Nagios Remote Plugin Executor Server
Closes: 701227
Changes: 
 nagios-nrpe (2.13-3ubuntu1) saucy; urgency=low
 .
   * Merge from Debian unstable.  Remaining changes:
     - debian/{rules,control}: Add hardening-includes to gain PIE security
       builds.
     - debian/rules: Use dpkg-buildflags.
 .
 nagios-nrpe (2.13-3) unstable; urgency=high
 .
   * [e55afd1] Add 08_CVE-2013-1362.dpatch patch.
     If command arguments are enabled in the NRPE configuration, it was
     possible to pass $() as arguments as the checking for nasty caracters
     was not strict enough to catch $(). This allowed executing shell
     commands under a subprocess and pass the output as a parameter to the
     called script (if run under bash). CVE-2013-1362 (Closes: #701227)
Checksums-Sha1: 
 8397d08ecc26e1f3d7a6e08eb7b46eed14d6f92e 1475 nagios-nrpe_2.13-3ubuntu1.dsc
 6c34709dc47ed0336e25e01a6e0aa86563f6ee0f 11969 nagios-nrpe_2.13-3ubuntu1.diff.gz
Checksums-Sha256: 
 e20fbb2a0939e179a673adac047db5936d8515300bed4a97472ac14afc191292 1475 nagios-nrpe_2.13-3ubuntu1.dsc
 a804d9af2e1b8aa89ae275d4f5f65658f2e5e2cc4cf15285410124d54097df8b 11969 nagios-nrpe_2.13-3ubuntu1.diff.gz
Files: 
 7b1f2eabc391f7b20b7a5cf6bb65babf 1475 net optional nagios-nrpe_2.13-3ubuntu1.dsc
 67d90c1efc6d139bdd5fa26e7f6f956a 11969 net optional nagios-nrpe_2.13-3ubuntu1.diff.gz
Original-Maintainer: Debian Nagios Maintainer Group <pkg-nagios-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlF/8pIACgkQ53i2YxNrdi2kNgCg4jvXV0KR8KaMK1brOFPpJxFN
uKQAn0Wtv8O00PyuoBxcnRiHRfTPythC
=WbJM
-----END PGP SIGNATURE-----

More information about the Saucy-changes mailing list